by frank | Apr 23, 2020 | Blue Team, Red team, Security, Windows
Sysmon is an official SysInternals driver that lets you log everything that is happening on a Windows machine. I will not drill down here into what it is capable of and how important it is to have it running on your company assets and to get them to...
by frank | Apr 6, 2020 | Blue Team, Red team, Security
In this second part I will briefly talk about using proper SSL certificates and second-stage encoders. Using Let’s Encrypt SSL Cert with Meterpreter: the goal of using proper certificates is that most blue teams will block access to self...
by frank | Mar 6, 2020 | Blue Team, Red team, Security, Windows
A lot of persistence methods can be found and detected by Autoruns from SysInternals (also linked to VirusTotal). A less known and less detectable persistence method is the KeePass config file. This is automated via the tool released...
by frank | Feb 26, 2020 | Blue Team, Palo Alto, Red team
DNSTwist is a great tool for blue and red teams. GitHub link: https://github.com/elceef/dnstwist or an online version: https://dnstwister.report/ This tool will generate a high number of typosquatting possibilities (addition,...
by frank | Jan 27, 2020 | Blue Team, Red team, Security, Windows
There are a few known ways. The easiest first method is to listen to LLMNR broadcasts. By using Responder, our device will publish itself as the target and the victim will send its creds to us as we are acting as MITM (Man in the Middle). Same...
by frank | Dec 13, 2019 | Blue Team, Red team, Security, Windows
When there are no quotes in the service definition path, the path can be interpreted differently by the OS. A service path of c:\program files\sub dir\program name can be seen as follows! c:\program.exe files\sub dir\program name c:\program...