by frank | May 4, 2021 | Blue Team, Palo Alto, Security
Didier Stevens created a great little script called metatool.py. You can find it here: https://blog.didierstevens.com/2021/04/18/metatool-py/ In my lab, I have a Bro/Zeek sensor on a SPAN port which captures all the outgoing traffic to the...
by frank | Mar 9, 2021 | Misc, Security
Quick notes to remember: adding custom NASL plugins to Tenable Nessus.

vi custom_feed_info.inc
content:
PLUGIN_SET = "202109291526";
PLUGIN_FEED = "Custom";

vi toto.nasl
script_id(900005);...
by frank | Mar 1, 2021 | AV, Red team, Security, Windows
Updated on 2 Nov 2021 with the new SentinelOne version 21.6.2.272. A very small post about a little experiment I did in my lab. I used the nice and interesting code of Ausurusrex (...
by frank | Feb 10, 2021 | AV, Blue Team, Security, Windows
Sysinternals promised it, and they delivered. Version 13 of Sysmon now comes with Event ID 25, which detects process hollowing and process herpaderping. These techniques would mainly be used by attackers when targeting systems which have a GPO...
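As an added example, not code from the original post: a small Python triage helper that reads exported Sysmon events and flags every Event ID 25 (ProcessTampering) record, mapping its Type field to the technique it points at. The sample events are constructed, not real telemetry, and the two Type strings ("Image is replaced" for hollowing, "Image is locked for access" for herpaderping) are as recalled from the Sysmon documentation; verify them against the Sysmon build you run before relying on them.

```python
import xml.etree.ElementTree as ET

# Sysmon Event ID 25 "Type" values and the technique each one indicates.
# Assumption: these strings match what Sysmon 13 emits; check against your build.
TAMPER_TYPES = {
    "Image is replaced": "process hollowing",
    "Image is locked for access": "process herpaderping",
}

# Constructed sample export (not real telemetry): two Event ID 25 records plus
# one ordinary Event ID 1 (process create) record that the filter must skip.
SAMPLE_EVENTS = r"""<Events>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><Provider Name="Microsoft-Windows-Sysmon"/><EventID>25</EventID></System>
  <EventData>
    <Data Name="RuleName">-</Data>
    <Data Name="UtcTime">2021-02-10 09:12:01.123</Data>
    <Data Name="ProcessId">4120</Data>
    <Data Name="Image">C:\Windows\System32\svchost.exe</Data>
    <Data Name="Type">Image is replaced</Data>
  </EventData>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><Provider Name="Microsoft-Windows-Sysmon"/><EventID>1</EventID></System>
  <EventData>
    <Data Name="ProcessId">5008</Data>
    <Data Name="Image">C:\Windows\System32\notepad.exe</Data>
  </EventData>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><Provider Name="Microsoft-Windows-Sysmon"/><EventID>25</EventID></System>
  <EventData>
    <Data Name="RuleName">-</Data>
    <Data Name="UtcTime">2021-02-10 09:13:44.456</Data>
    <Data Name="ProcessId">6232</Data>
    <Data Name="Image">C:\Users\lab\AppData\Local\Temp\update.exe</Data>
    <Data Name="Type">Image is locked for access</Data>
  </EventData>
</Event>
</Events>"""


def _local(tag):
    """Strip the XML namespace so we can match on the bare element name."""
    return tag.rsplit("}", 1)[-1]


def parse_tampering_events(xml_text):
    """Return one finding per Sysmon Event ID 25 record found in the XML dump."""
    findings = []
    root = ET.fromstring(xml_text)
    for event in root.iter():
        if _local(event.tag) != "Event":
            continue
        system = next((c for c in event if _local(c.tag) == "System"), None)
        if system is None:
            continue
        event_id = next((c.text for c in system if _local(c.tag) == "EventID"), None)
        if event_id != "25":
            continue  # only ProcessTampering records are of interest here
        # Flatten <Data Name="..."> children into a dict of field -> value.
        data = {}
        for child in event.iter():
            if _local(child.tag) == "Data" and child.get("Name"):
                data[child.get("Name")] = child.text or ""
        tamper_type = data.get("Type", "")
        findings.append({
            "utc_time": data.get("UtcTime", ""),
            "pid": data.get("ProcessId", ""),
            "image": data.get("Image", ""),
            "type": tamper_type,
            "technique": TAMPER_TYPES.get(tamper_type, "unknown tampering type"),
        })
    return findings


if __name__ == "__main__":
    for f in parse_tampering_events(SAMPLE_EVENTS):
        print(f"{f['utc_time']} pid={f['pid']} {f['image']} -> {f['technique']}")
```

Feed it the XML you get from `Get-WinEvent -LogName Microsoft-Windows-Sysmon/Operational | ForEach-Object ToXml` wrapped in a root element, or adapt the loop to one event per file. Anything with an unmapped Type is still reported, so a new Type value in a future Sysmon release is not silently dropped.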
by frank | Jan 8, 2021 | Blue Team, C2C, Security
Following the really interesting article by Tek: https://www.randhome.io/blog/2020/12/20/analyzing-cobalt-strike-for-fun-and-profit/ where he describes how to get a valid URL for Cobalt Strike, I tried to check whether it was the same for...
by frank | Jan 5, 2021 | AV, Blue Team, Red team, Security, Windows
Driver: SentinelMonitor, altitude 389040
Services:
Name=LogProcessorService; DisplayName=SentinelOne Agent Log Processing Service; ServiceName=LogProcessorService
Name=SecurityHealthService; DisplayName=Windows Security Service; ...
by frank | Jan 4, 2021 | AV, Blue Team, Red team, Security, Windows
You can download this CSV file here <====

SHA256 | Name | Signer | Description
04A85E359525D662338CAE86C1E59B1D7AA9BD12B920E8067503723DC1E03162 | ADV64DRV.sys | FUJITSU LIMITED | ...
by frank | Dec 14, 2020 | Security
Link for all options: https://beta.shodan.io/search/filters Negated searches can be done with !. Searching via the API is even simpler and more powerful. A small example of a script to generate an IP list plus the certificates of hosts that match...
by frank | Dec 14, 2020 | Security
Adding this little extra JARM check when investigating a beacon alert (from RITA). Code can be found here:...
by frank | Dec 14, 2020 | Security
Many sites have written about this TLS/SSL fingerprinting method. https://github.com/salesforce/ja3 https://engineering.salesforce.com/easily-identify-malicious-servers-on-the-internet-with-jarm-e095edac525a JA3 and JA3S are passive...