Defenses against Mimikatz

Reading Time: < 1 minuteas written in this blogpost mimikatz is an amazing tool to read password from a Window machine (either LSASS process, or Registry keys and other means). How can we defend against it ? Run LSASS process as “RunAsPPL”...

Sysmon hide and seek

Reading Time: 3 minutesSysmon is an official SysInternals driver that let’s you log all what is happening to a Windows machine. I will not drill down here what it is capable of and how important it is to have it running on your company assets and to get them to...

Persistence via Keepass config file

Reading Time: < 1 minuteA lot of persistance methods can be found and detected by Autoruns from SysInternals (also linked to VirusTotal) A less known method and less detectable persistance method is the Keepass config file. This is automated via the tool released...

Phishing with typo squatting tool

Reading Time: < 1 minuteDNSTwist is a great tool for blue and red team. Github link : https://github.com/elceef/dnstwist or an online version : https://dnstwister.report/ This tool will generate a high amount of possibilities of typosquatting (addition,...