Hashcat

Reading Time: < 1 minutehttps://hashcat.net/hashcat/ and https://github.com/hashcat It’s a tool that let’s you bruteforce hashes. Hashcat 6.0 is the latest version and support around 208 different hash types ! You can use the CPU or the GPU to compute...

Defenses against Mimikatz

Reading Time: < 1 minuteas written in this blogpost mimikatz is an amazing tool to read password from a Window machine (either LSASS process, or Registry keys and other means). How can we defend against it ? Run LSASS process as “RunAsPPL”...

Unhide Excel Sheet tab

Reading Time: < 1 minuteLittle trick a great colleague showed me to unhide a sheet in Excel : In powershell $objExcel = New-Object -ComObject Excel.Application $objExcel.Visible = $true $WorkBook = $objExcel.Workbooks.Open(“C:\Temp\hiddensheet.xls”)...

Sysmon hide and seek

Reading Time: 3 minutesSysmon is an official SysInternals driver that let’s you log all what is happening to a Windows machine. I will not drill down here what it is capable of and how important it is to have it running on your company assets and to get them to...

Powershell usefull commands

Reading Time: < 1 minutepowershell Get-ExecutionPolicy powershell Get-Authenticode c:\temp\myscript.ps1 Specify version powershell -Version 2 cat powershell Get-Content C:\Windows\System32\Inetsrv\Config\administration.config ls powershell Get-ChildItem -Path...

IOCs are dead ?

Reading Time: 2 minutesWith the cloud technologies, i think one can slowly come to the conclusion that IOCs should not be relied only ! Bad actors can move of source IP so easily and the fact that all Threat Intelligence do their own lists, there is a great...

Traps XDR Cortex Palo Alto

Reading Time: < 1 minuteFrom the documentation Traps or now called Cortex XDR has several modules. The main prevention against malware is the BTP (Behaviour Treat Protection ). Palo Alto has increased prevention drastically since version 5 and since version 7. It...