BLOG
Cortex XDR Traps Ransomware module
If you see files like the ones below = NO PANIC! zzzz346468454.txt !!!!4873487.doc XORXOR131395328.pem zzzzz1128386401.png ZZZZZ4032929292.pptx !!!!!28748750874.pst !!!!!195855848565.bmp XORXOR394587587.pdf You are probably experiencing the display of the...
Windows Persistence
Very interesting article and tool from FireEye: https://www.fireeye.com/blog/threat-research/2019/09/sharpersist-windows-persistence-toolkit.html
Find which AV is installed on the Windows hosts
WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName /Format:List Example: Windows ATP (Advanced Threat Protection) will come up as "Windows Defender". To know if ATP is installed, check the reg key:...
Mimikatz
Official doc: https://github.com/gentilkiwi/mimikatz/wiki/module-~-sekurlsa Dump memory of LSASS: don't forget you need to be admin to be able to do it. With ProcDump from Sysinternals: procdump.exe -accepteula -ma lsass.exe lsass.dmp or if not...
Pwnagotchi
Pwnagotchi cheat sheet. Data plug: the one in the middle. 1st connection: download the driver: https://modclouddownloadprod.blob.core.windows.net/shared/mod-rndis-driver-windows.zip Unzip the driver zip folder. Plug in the Pwnagotchi. Go to your Device Manager. Find your...
Checkpoint export config
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk120342