IOC Vulnerable Drivers

Reading Time: 2 minutesYou can download this CSV file here <==== SHA256NameSignerDescription—————————04A85E359525D662338CAE86C1E59B1D7AA9BD12B920E8067503723DC1E03162ADV64DRV.sys”FUJITSU LIMITED...

Shodan searches

Reading Time: < 1 minuteLink for all options : https://beta.shodan.io/search/filters Negate searches can be done with ! Searching via the API is even more simpler and more powerfull. Small example of a script to generate IP list + certs of hosts that match...

JARM for XSOAR (demisto)

Reading Time: < 1 minuteAdding this little extra check of JARM when checking a beacon alert (from RITA) Code can be found here :...

JA3 and JA3S or the new JARM

Reading Time: < 1 minuteThere are many sites who wrote about this TLS/SSL fingerprinting method. https://github.com/salesforce/ja3 https://engineering.salesforce.com/easily-identify-malicious-servers-on-the-internet-with-jarm-e095edac525a JA3 and JA3S are passive...

Privilege Escalation via the registry

Reading Time: < 1 minutereg query HKLM\SYSTEM\CurrentControlSet\Services\regsvc HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\regsvcType REG_DWORD 0x10Start REG_DWORD 0x3ErrorControl REG_DWORD 0x1ImagePath REG_EXPAND_SZ “C:\Program Files\Insecure...