Persistence via Keepass config file

Reading Time: < 1 minuteA lot of persistance methods can be found and detected by Autoruns from SysInternals (also linked to VirusTotal) A less known method and less detectable persistance method is the Keepass config file. This is automated via the tool released...

Phishing with typo squatting tool

Reading Time: < 1 minuteDNSTwist is a great tool for blue and red team. Github link : https://github.com/elceef/dnstwist or an online version : https://dnstwister.report/ This tool will generate a high amount of possibilities of typosquatting (addition,...

Unquoted service paths

Reading Time: < 1 minuteWhen in the service definition path there is no quotes, the path can be interpreted differently by the OS. A service path with c:\progam files\sub dir\program name can be seen as follow ! c:\program.exe files\sub dir\program name c:\program...

Disabling NBS-NT

Reading Time: 1 minute Disabling NetBIOS over TCP/IP can be done through the registry: Go to HKLM:SYSTEMCurrentControlSetservicesNetBTParametersInterfaces For each connection, then set NetbiosOptions = 2 or by a Powershell script. Found this one which worked fine :...