by frank | Jan 25, 2022 | Security
Reading Time: < 1 minute
After reading an article from @CyberWarship: https://twitter.com/CyberWarship/status/1485623439633362946 The following test was done in my lab. In a share that users are connected to, create a file called...
by frank | Jan 24, 2022 | Blue Team, Red team, Security, Windows
Reading Time: 6 minutes
In this post, I will explore the RBCD WebClient attack, which has been described in many tweets and other forums, but I wanted to understand the main intricacies as I was learning it during a pentest engagement I had the chance to work on. I...
by frank | Dec 30, 2021 | Security
Reading Time: < 1 minute
A tiny article to show that I implemented a Log4J scanner into XDR as a script you can run. XDR is not a vulnerability management tool, even though host-insight offers some kind of list of vulnerabilities. I used the original code created by...
by frank | Oct 26, 2021 | Security
Reading Time: 2 minutes
This will be a very, very small note article. When running Responder, dumping LSASS memory or doing a DCSync, you might have gotten back hashes. You might have read about the value AAD3B435B51404EEAAD3B435B51404EE, or from the NTDS file...
by frank | Sep 16, 2021 | Security
Reading Time: 4 minutes
Part 1 out of 3. WEC = WEF = Windows Event Collection are different words, but they all refer to the same functionality. If there is one thing I've learned over the last year: hardly anybody has a foolproof cybersecurity system. And I read...
by frank | Jul 23, 2021 | Blue Team, Pwn, Red team, Security, Windows
Reading Time: 4 minutes
All links to articles and tools are at the bottom of the page. There is nothing new I've discovered; this is just a few screenshots of what other people on Twitter were talking about, which I tested in my lab to realise the gravity of this! Since...
by frank | May 4, 2021 | Blue Team, Palo Alto, Security
Reading Time: < 1 minute
Didier Stevens created a great little script called metatool.py. You can find it here: https://blog.didierstevens.com/2021/04/18/metatool-py/ In my lab, I have a Bro/Zeek with a SPAN port which captures the entire outgoing traffic to the...
by frank | Mar 9, 2021 | Misc, Security
Reading Time: < 1 minute
Quick notes to remember. Custom Tenable plugins: adding custom NASL plugins to Tenable Nessus. vi custom_feed_info.inc, content = PLUGIN_SET = "202109291526"; PLUGIN_FEED = "Custom"; vi toto.nasl script_id(900005);...
by frank | Mar 1, 2021 | AV, Red team, Security, Windows
Reading Time: 2 minutes
Updated on 2 Nov 2021 with new SentinelOne version 21.6.2.272. A very small post about a little experiment I did in my lab. I've used the nice and interesting code of Ausurusrex (...
by frank | Feb 10, 2021 | AV, Blue Team, Security, Windows
Reading Time: < 1 minute
SysInternals did promise it, and they delivered. Version 13 of Sysmon now comes with Event ID 25, which detects process hollowing and herpaderping. This, of course, would mainly be used by attackers when targeting systems which have a GPO...