BLOG

I made a quick an dirty detection script within incident response that searches a bit deeper for LSASS dumps and other artefacts from attackers. It is kinda quick and dirty so use at youre own risk.It had a detection forRead More

Due to a server issue on my mail server I had to put the dovecot, a mail-server for Linux, in debug mode. Meaning that from now on it logs whatsoever happens on the machine for troubleshooting.

My problem wasRead More

Companies are focusing a lot of time trying to secure the email system against attacks from the outside, like (spear-) phishing, malware and other threats. A customer asked me today for ideas for threats he could hunt for in hisRead More

Short list of stuff you need to get the POC running pip3 install fastecdsa apt-get install openssl sudo apt install python-dev libgmp3-dev apt-get install libmpc-dev pip3 install gmpy2 POC: https://github.com/kudelskisecurity/chainoffools

Today i want to share with you a “bug” in notepad.exe that you might want to play around with and look what really happens, might be a intersting little reversing project. My limited time currently does not allow me toRead More

There is a privilege escalation vulnerability in the Windows Certificate Dialog allowing an attacker to easily elevate privileges to NT AUTHORITY\SYSTEM, it is documented as CVE-2019-1388. This is a good video demonstrating the issue: https://www.youtube.com/watch?v=3BQKpPNlTSo in this case they useRead More

The goal of the research was to create a small dropper that creates no detection within the famous App.Any.Run Sandbox solution but can still determine if its running in the sandbox or not.For now, i cant tell if that alsoRead More

While currently attending SANS SEC660 we did play a lot with empire post exploitation framework on the second day. So i used the time between the lab challenges today to play a bit with the C&C server. Detect Empire C&CRead More

“I am the watcher of the walls, i am the sword in the darkness” While attending the SANS course SEC660, Advanced Penetration Testing, Exploit Writing, and Ethical Hacking in Tokyo, i also took part in the Cyber Defense NetWars challenge.Read More