by frank | Dec 14, 2020 | Security
Reading Time: < 1 minuteAdding this little extra check of JARM when checking a beacon alert (from RITA) Code can be found here :...
by frank | Dec 14, 2020 | Security
Reading Time: < 1 minuteThere are many sites who wrote about this TLS/SSL fingerprinting method. https://github.com/salesforce/ja3 https://engineering.salesforce.com/easily-identify-malicious-servers-on-the-internet-with-jarm-e095edac525a JA3 and JA3S are passive...
by frank | Nov 28, 2020 | Palo Alto, Red team, Security
Reading Time: < 1 minute With traps, there is the possibility to do Password Theft Protection against mimikatz. I’ve tested (on version 6.0.1.7362 ) and indeed, a dump of a lsass process can no longer be inspected by Mimikatz. Unfortunatly for clients, a good...
by frank | Nov 23, 2020 | Red team, Security, Windows
Reading Time: < 1 minutereg query HKLM\SYSTEM\CurrentControlSet\Services\regsvc HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\regsvcType REG_DWORD 0x10Start REG_DWORD 0x3ErrorControl REG_DWORD 0x1ImagePath REG_EXPAND_SZ “C:\Program Files\Insecure...
by frank | Nov 23, 2020 | AV, Red team, Security, Windows
Reading Time: < 1 minuteA few techniques to avoid AV or EDR detection rundll32 C:\windows\system32\comsvcs.dll MiniDump “[LSASS_PID] dump.bin full” 2. procdump <process id> instead of the word lsass Signed Executable which can be used also 3....
by frank | Nov 16, 2020 | AV, Blue Team, Security
Reading Time: 4 minutesMSF (Metasploit) version 6. Network possible detection ? OJ ( @TheColonial ) is a clever guy and a main contributor to the open source project of Metasploit. One of MSF6’s goal is to get rid of Strings in order to fly even lower … so close to...
Recent Comments