by frank | Apr 28, 2020 | AV, Blue Team, Malware, Security, Windows
Reading Time: 5 minutesI got given by a friend a malicious Excel file that he analyzed as I’m eager to learn more I’m not familiar with MS-Office forensic techniques, hencewhy I found this interesting to look into during my evenings. First, when uploading...
by frank | Apr 23, 2020 | Blue Team, Red team, Security, Windows
Reading Time: 3 minutesSysmon is an official SysInternals driver that let’s you log all what is happening to a Windows machine. I will not drill down here what it is capable of and how important it is to have it running on your company assets and to get them to...
by frank | Apr 17, 2020 | Blue Team, Security
Reading Time: 2 minutesWith the cloud technologies, i think one can slowly come to the conclusion that IOCs should not be relied only ! Bad actors can move of source IP so easily and the fact that all Threat Intelligence do their own lists, there is a great...
by frank | Apr 8, 2020 | Palo Alto, Security
Reading Time: < 1 minuteFrom the documentation Traps or now called Cortex XDR has several modules. The main prevention against malware is the BTP (Behaviour Treat Protection ). Palo Alto has increased prevention drastically since version 5 and since version 7. It...
by frank | Apr 6, 2020 | Blue Team, Red team, Security
Reading Time: 2 minutesIn this second part I will briefly talk about using proper SSL Certificates and Second stage encoders. Using Let’s Encrypt SSL Cert with Meterpreter The goal of using proper certificates, is that most blue teams, will block access to self...
by frank | Mar 26, 2020 | Blue Team, Palo Alto, Security, Windows
Reading Time: 4 minutesBefore reading note: for practical reasons (time consuming) not all the printscreen shots have been made with same settings (ip addresses mainly i used once 192.168.150.196 and sometimes 192.168.1.71) For tests i created a simple reverse_http...
Recent Comments