Lsass Minidump file seen as Malicious by McAfee AV

The other day, I was shadowing a colleague of mine who was doing a red team. The client was running McAfee AV. While the reputation of that AV isn't the best, it got in the way a bit for a few minutes. After doing a lateral movement, my...

Cortex XDR components

WdFilter.sys : antimalware, malware
WdNisDrv.sys : defender
cyvrfsfd.sys : Palo Alto Networks
cyvrlpc.sys : Palo Alto Networks
tedrdrv.sys : Palo Alto Networks
cyvrmtgn.sys : Palo Alto Networks
cyverak.sys : cyvera, Palo Alto Networks
...

Rename Functions for AV signature evading

For academic purposes only. The use of some functions can trigger signature-based antivirus detection. Example: SystemFunction032 or SamEnumerateUsersInDomain used in some particular programs. In this example let's try to hide the...