BLOG
Traps XDR Cortex Palo Alto
From the documentation, Traps, now called Cortex XDR, has several modules. The main prevention against malware is the BTP (Behavioural Threat Protection). Palo Alto has increased prevention drastically since version 5 and since version 7. It works really differently...
Meterpreter: how does it communicate between the device and the MSF? (part 2)
In this second part I will briefly talk about using proper SSL certificates and second-stage encoders. Using a Let's Encrypt SSL cert with Meterpreter: the goal of using proper certificates is that most blue teams will block access to web sites with self-signed certs. So...
Meterpreter reverse_http: how does it communicate between the device and the MSF? (part 1)
Note before reading: for practical reasons (time consuming), not all the screenshots have been made with the same settings (mainly IP addresses: I once used 192.168.150.196 and sometimes 192.168.1.71). For tests I created a simple reverse_http Meterpreter build with...
Demisto: first-hand issues and my first playbook on my home lab
My first installation was done by downloading the OVA and not by installing the Linux package. First issue encountered: in the welcome example they propose to run a !whois domainname in the dBOT. Well, if you haven't configured the whois integration, this won't work....
Hashcat GPU Nvidia issue under VMware
I was re-installing the tools on a fresh new copy of Ubuntu Server 19.10, and I didn't manage to get it working. I followed this guide, which isn't too bad: https://www.alexanderjsingleton.com/infosexy-how-to-use-hashcat-to-crack-passwords-in-ubuntu-18-04/ lshw -c...
Persistence via Keepass config file
A lot of persistence methods can be found and detected by Autoruns from Sysinternals (also linked to VirusTotal). A less known and less detectable persistence method is the Keepass config file. This is automated via the tool released by FireEye:...