by frank | Jul 7, 2023 | Blue Team, Red team, Security, Windows
Reading Time: 2 minutesLast few days, I’ve been playing with the WFP componant of Windows. WFP = Windows Filtering platform Many informations blogs are existing like the great one from Pavel who really deeped dive into it which I recommand to read Introduction...
by frank | Mar 11, 2022 | Blue Team, Red team, Security, Windows
Reading Time: 3 minutesGithub repo for the tool of Antonio Cocomazzi @splinter_code and Andrea Pierini @decoder_it : https://github.com/antonioCoco/RemotePotato0 Potato what ? In the last few years, we saw tools likes RottenPotato, RottenPotatoN, SweetPotato, Juicy...
by frank | Jan 24, 2022 | Blue Team, Red team, Security, Windows
Reading Time: 6 minutesIn this post, I will explore the RBCD WebClient attack which has been described in many tweets and other forums, but I wanted to understand the main intricasis as I was learning it during a pentest engagement I had the chance to work on. I...
by frank | Jul 23, 2021 | Blue Team, Pwn, Red team, Security, Windows
Reading Time: 4 minutesAll links of articles and tools at the bottom of the page There is nothing new i’ve discovered, this is just a few printscreens of what other people on Twitter were talking and I tested in my Lab to realise the gravity of this ! Since...
by frank | May 4, 2021 | Blue Team, Palo Alto, Security
Reading Time: < 1 minuteDidier Stevens created a great little script called metatool.py You can find it here : https://blog.didierstevens.com/2021/04/18/metatool-py/ In my lab, I have a bro/zeek with a span port which catches the entire outgoing traffic to the...
by frank | Feb 10, 2021 | AV, Blue Team, Security, Windows
Reading Time: < 1 minuteSysInternals, did promised it, and they delivered. Version 13 of Sysmon now comes with Id Event 25 which detects process hollowing and herpapining. This off course, would mainly be used by attackers when targeting systems which have a GPO...
Recent Comments