by frank | Jul 3, 2020 | Pwn, Red team, Security
Reading Time: < 1 minutehttps://hashcat.net/hashcat/ and https://github.com/hashcat It’s a tool that let’s you bruteforce hashes. Hashcat 6.0 is the latest version and support around 208 different hash types ! You can use the CPU or the GPU to compute...
by frank | Jul 1, 2020 | Blue Team, Red team, Security, Windows
Reading Time: < 1 minuteas written in this blogpost mimikatz is an amazing tool to read password from a Window machine (either LSASS process, or Registry keys and other means). How can we defend against it ? Run LSASS process as “RunAsPPL”...
by frank | Jun 8, 2020 | Blue Team, Security
Reading Time: < 1 minuteI stumbled on an article from . In his description he has reliazed that the meterpreter return “It works” return one byte short the standard message. The original sha256 of the index.html is :...
by frank | Apr 28, 2020 | Blue Team, Security
Reading Time: < 1 minuteLittle trick a great colleague showed me to unhide a sheet in Excel : In powershell $objExcel = New-Object -ComObject Excel.Application $objExcel.Visible = $true $WorkBook = $objExcel.Workbooks.Open(“C:\Temp\hiddensheet.xls”)...
by frank | Apr 28, 2020 | AV, Blue Team, Malware, Security, Windows
Reading Time: 5 minutesI got given by a friend a malicious Excel file that he analyzed as I’m eager to learn more I’m not familiar with MS-Office forensic techniques, hencewhy I found this interesting to look into during my evenings. First, when uploading...
by frank | Apr 23, 2020 | Blue Team, Red team, Security, Windows
Reading Time: 3 minutesSysmon is an official SysInternals driver that let’s you log all what is happening to a Windows machine. I will not drill down here what it is capable of and how important it is to have it running on your company assets and to get them to...
by frank | Apr 21, 2020 | Misc, Windows
Reading Time: < 1 minutepowershell Get-ExecutionPolicy powershell Get-Authenticode c:\temp\myscript.ps1 Specify version powershell -Version 2 cat powershell Get-Content C:\Windows\System32\Inetsrv\Config\administration.config ls powershell Get-ChildItem -Path...
by frank | Apr 17, 2020 | Blue Team, Security
Reading Time: 2 minutesWith the cloud technologies, i think one can slowly come to the conclusion that IOCs should not be relied only ! Bad actors can move of source IP so easily and the fact that all Threat Intelligence do their own lists, there is a great...
by frank | Apr 8, 2020 | Palo Alto, Security
Reading Time: < 1 minuteFrom the documentation Traps or now called Cortex XDR has several modules. The main prevention against malware is the BTP (Behaviour Treat Protection ). Palo Alto has increased prevention drastically since version 5 and since version 7. It...
by frank | Apr 6, 2020 | Blue Team, Red team, Security
Reading Time: 2 minutesIn this second part I will briefly talk about using proper SSL Certificates and Second stage encoders. Using Let’s Encrypt SSL Cert with Meterpreter The goal of using proper certificates, is that most blue teams, will block access to self...
Recent Comments