Pi-Hole + DOH (DNS over HTTPS)

by | Nov 13, 2019 | Misc, Privacy, Security

Reading Time: < 1 minuteWant to bring more privacy to your home network ? Personnaly I installed a small raspberry Pi 3b running Raspbian and then installed Pi-Hole : https://pi-hole.net/ Simple step-by-step documentation here :...

Rename Functions for AV signature evading

by | Oct 25, 2019 | AV, Red team, Security, Windows

Reading Time: < 1 minute For academic purpose only.The used of some functions can trigger singature based Anti Virus detection. Example : SystemFunction032 or SamEnumerateUsersInDomain used in same particular programs.in this example let’s try to hide the...

Disabling NBS-NT

by | Sep 21, 2019 | Blue Team, Windows

Reading Time: 1 minute Disabling NetBIOS over TCP/IP can be done through the registry: Go to HKLM:SYSTEMCurrentControlSetservicesNetBTParametersInterfaces For each connection, then set NetbiosOptions = 2 or by a Powershell script. Found this one which worked fine :...

DNS CAA Records

by | Sep 20, 2019 | Blue Team, Security

Reading Time: 1 minute As per RFC : CAA records assert a security policy that the holder of a domain name wishes to be observed by certificate issuers. The effectiveness of CAA records as an access control mechanism is thus dependent on observance of CAA constraints...

Cortex XDR Traps Ransomware module

by | Sep 19, 2019 | Palo Alto, Red team, Security

Reading Time: < 1 minute If you see files likes below = NO PANIC !  zzzz346468454.txt  !!!!4873487.doc  XORXOR131395328.pem  zzzzz1128386401.png  ZZZZZ4032929292.pptx  !!!!!28748750874.pst  !!!!!195855848565.bmp  XORXOR394587587.pdf   You are probably...

Mimikatz

by | Aug 12, 2019 | Red team, Security, Windows

Reading Time: 2 minutes    Official Doc : https://github.com/gentilkiwi/mimikatz/wiki/module-~-sekurlsa   Dump memory of LSASS :   Don’t forget you need to be admin to be able to do it.   with ProcDump from Sysinternals :      procdump.exe -accepteula -ma...