Sysmon hide and seek

Reading Time: 3 minutesSysmon is an official SysInternals driver that let’s you log all what is happening to a Windows machine. I will not drill down here what it is capable of and how important it is to have it running on your company assets and to get them to...

IOCs are dead ?

Reading Time: 2 minutesWith the cloud technologies, i think one can slowly come to the conclusion that IOCs should not be relied only ! Bad actors can move of source IP so easily and the fact that all Threat Intelligence do their own lists, there is a great...

Persistence via Keepass config file

Reading Time: < 1 minuteA lot of persistance methods can be found and detected by Autoruns from SysInternals (also linked to VirusTotal) A less known method and less detectable persistance method is the Keepass config file. This is automated via the tool released...

Phishing with typo squatting tool

Reading Time: < 1 minuteDNSTwist is a great tool for blue and red team. Github link : https://github.com/elceef/dnstwist or an online version : https://dnstwister.report/ This tool will generate a high amount of possibilities of typosquatting (addition,...