by frank | Apr 23, 2020 | Blue Team, Red team, Security, Windows
Reading Time: 3 minutesSysmon is an official SysInternals driver that let’s you log all what is happening to a Windows machine. I will not drill down here what it is capable of and how important it is to have it running on your company assets and to get them to...
by frank | Apr 21, 2020 | Misc, Windows
Reading Time: < 1 minutepowershell Get-ExecutionPolicy powershell Get-Authenticode c:\temp\myscript.ps1 Specify version powershell -Version 2 cat powershell Get-Content C:\Windows\System32\Inetsrv\Config\administration.config ls powershell Get-ChildItem -Path...
by frank | Mar 26, 2020 | Blue Team, Palo Alto, Security, Windows
Reading Time: 4 minutesBefore reading note: for practical reasons (time consuming) not all the printscreen shots have been made with same settings (ip addresses mainly i used once 192.168.150.196 and sometimes 192.168.1.71) For tests i created a simple reverse_http...
by frank | Mar 6, 2020 | Blue Team, Red team, Security, Windows
Reading Time: < 1 minuteA lot of persistance methods can be found and detected by Autoruns from SysInternals (also linked to VirusTotal) A less known method and less detectable persistance method is the Keepass config file. This is automated via the tool released...
by frank | Jan 27, 2020 | Blue Team, Red team, Security, Windows
Reading Time: < 1 minuteThere is a few known ways. The easiest 1st method is to listen to LLMNR broadcast. By Using Responder, our device will publish be the target and the victim will send it’s creds to us as we are acting as MITM (Men in the Middle) Same...
by frank | Dec 13, 2019 | Blue Team, Red team, Security, Windows
Reading Time: < 1 minuteWhen in the service definition path there is no quotes, the path can be interpreted differently by the OS. A service path with c:\progam files\sub dir\program name can be seen as follow ! c:\program.exe files\sub dir\program name c:\program...
Recent Comments