by frank | Oct 24, 2022 | Palo Alto, Red team, Security
Reading Time: 2 minutesSince Mr. D0x post on XDR : https://twitter.com/mrd0x/status/1514318257112637440 things have improved. https://mrd0x.com/cortex-xdr-analysis-and-bypass/ Palo Alto has introduced an cipher to crypt the techsupport file. Password to be calculated...
by frank | May 4, 2021 | Blue Team, Palo Alto, Security
Reading Time: < 1 minuteDidier Stevens created a great little script called metatool.py You can find it here : https://blog.didierstevens.com/2021/04/18/metatool-py/ In my lab, I have a bro/zeek with a span port which catches the entire outgoing traffic to the...
by frank | Nov 28, 2020 | Palo Alto, Red team, Security
Reading Time: < 1 minute With traps, there is the possibility to do Password Theft Protection against mimikatz. I’ve tested (on version 6.0.1.7362 ) and indeed, a dump of a lsass process can no longer be inspected by Mimikatz. Unfortunatly for clients, a good...
by frank | Oct 13, 2020 | Palo Alto, Security
Reading Time: < 1 minuteseverity-> Unknown (0), Informational (0.5), Low (1), Medium (2), High (3), Critical (4) To create a new docker with some lib dependancies (or update current one) /docker_image_create name=testdocker base=demisto/python3...
by frank | Apr 8, 2020 | Palo Alto, Security
Reading Time: < 1 minuteFrom the documentation Traps or now called Cortex XDR has several modules. The main prevention against malware is the BTP (Behaviour Treat Protection ). Palo Alto has increased prevention drastically since version 5 and since version 7. It...
by frank | Mar 26, 2020 | Blue Team, Palo Alto, Security, Windows
Reading Time: 4 minutesBefore reading note: for practical reasons (time consuming) not all the printscreen shots have been made with same settings (ip addresses mainly i used once 192.168.150.196 and sometimes 192.168.1.71) For tests i created a simple reverse_http...
Recent Comments