I made a quick and dirty detection script within incident response that searches a bit deeper for LSASS dumps and other artefacts from attackers. Update 08.12: This script does not detect artefacts used in current attacks (late October till now)! Read More
Due to a server issue on my mail server I had to put Dovecot, a mail server for Linux, in debug mode, meaning that from now on it logs whatever happens on the machine for troubleshooting.

    !include_try /usr/share/dovecot/protocols.d/*.protocol
    mail_debug=no
    auth_debug=yes

My problem was Read More
Companies are spending a lot of time trying to secure the email system against attacks from the outside, like (spear-) phishing, malware and other threats. A customer asked me today for ideas for threats he could hunt for in his Read More
Short list of stuff you need to get the POC running:

    pip3 install fastecdsa
    apt-get install openssl
    sudo apt install python-dev libgmp3-dev
    apt-get install libmpc-dev
    pip3 install gmpy2

POC: https://github.com/kudelskisecurity/chainoffools
Today I want to share with you a “bug” in notepad.exe that you might want to play around with and look at what really happens; it might be an interesting little reversing project. My limited time currently does not allow me to Read More
There is a privilege escalation vulnerability in the Windows Certificate Dialog allowing an attacker to easily elevate privileges to NT AUTHORITY\SYSTEM; it is documented as CVE-2019-1388. This is a good video demonstrating the issue: https://www.youtube.com/watch?v=3BQKpPNlTSo In this case they use Read More
The goal of the research was to create a small dropper that creates no detection within the famous App.Any.Run sandbox solution but can still determine whether it is running in the sandbox or not. For now, I can't tell if that also Read More
While currently attending SANS SEC660 we played a lot with the Empire post-exploitation framework on the second day. So I used the time between the lab challenges today to play a bit with the C&C server. Detect Empire C&C Read More
“I am the watcher of the walls, I am the sword in the darkness” While attending the SANS course SEC660, Advanced Penetration Testing, Exploit Writing, and Ethical Hacking in Tokyo, I also took part in the Cyber Defense NetWars challenge. Read More