by frank | Mar 26, 2020 | Blue Team, Palo Alto, Security, Windows
Reading Time: 4 minutesBefore reading note: for practical reasons (time consuming) not all the printscreen shots have been made with same settings (ip addresses mainly i used once 192.168.150.196 and sometimes 192.168.1.71) For tests i created a simple reverse_http...
by frank | Mar 25, 2020 | Palo Alto, Security
Reading Time: 3 minutesMy first installation was done by download the OVA and not by installating the linux package. 1st issue encountered, in the welcome example they propose to do a !whois domainname in the dBOT. Well if you haven’t configured the integrations...
by frank | Mar 22, 2020 | Misc, Security, Vmware
Reading Time: < 1 minuteI was re-installing on a fresh new copy of Ubuntu server 19.10 the tools, and I didn’t get to get it working. I’ve followed this guide which isn’t too bad :...
by frank | Mar 6, 2020 | Blue Team, Red team, Security, Windows
Reading Time: < 1 minuteA lot of persistance methods can be found and detected by Autoruns from SysInternals (also linked to VirusTotal) A less known method and less detectable persistance method is the Keepass config file. This is automated via the tool released...
by frank | Feb 26, 2020 | Blue Team, Palo Alto, Red team
Reading Time: < 1 minuteDNSTwist is a great tool for blue and red team. Github link : https://github.com/elceef/dnstwist or an online version : https://dnstwister.report/ This tool will generate a high amount of possibilities of typosquatting (addition,...
by frank | Jan 27, 2020 | Blue Team, Red team, Security, Windows
Reading Time: < 1 minuteThere is a few known ways. The easiest 1st method is to listen to LLMNR broadcast. By Using Responder, our device will publish be the target and the victim will send it’s creds to us as we are acting as MITM (Men in the Middle) Same...
by frank | Jan 20, 2020 | Debug, Misc
Reading Time: < 1 minuteImagine you want to explore and check some content of a repository, but you don’t need the repo on your machine. Example: https://github.com/evilsocket/pwnagotchi Now try the following :...
by frank | Dec 31, 2019 | Palo Alto, Privacy, Security
Reading Time: < 1 minute On Friday the 20th of December 2019 we realized that for a customer, the files that were analyzed by the Wildfire of PaloAltoNetworks via the TMS in Europe was using the Wildfire engine based in the US ! I raised an ticket, and with the...
by frank | Dec 19, 2019 | Misc, Palo Alto, Privacy, Security
Reading Time: < 1 minuteIn order to set Wildfire not to send to the American Global Wildfire. In PAN OS Device > Setup > WildFire and edit value to eu.wildfire.paloaltonetworks.com If you want less security because there is a requirements that no data is...
by frank | Dec 13, 2019 | Blue Team, Red team, Security, Windows
Reading Time: < 1 minuteWhen in the service definition path there is no quotes, the path can be interpreted differently by the OS. A service path with c:\progam files\sub dir\program name can be seen as follow ! c:\program.exe files\sub dir\program name c:\program...
Recent Comments