OWA Breach detection script

Posted by: Lion

I made a quick and dirty detection script within incident response that searches a bit deeper for LSASS dumps and other artefacts from attackers. Update 08.12: This script does not detect artefacts used in current attacks (late October till now)!

How Microsoft (could) spy on you with Outlook for Android

Posted by: Lion

Due to a server issue on my mail server I had to put Dovecot, a mail server for Linux, into debug mode, meaning that from then on it logs whatever happens on the machine for troubleshooting.

My problem was

Suspicious activities you can hunt for in the external e-mail communication

Posted by: Lion

Companies spend a lot of time trying to secure the e-mail system against attacks from the outside, like (spear-)phishing, malware and other threats. A customer asked me today for ideas for threats he could hunt for in his

Requirements for chainoffools CVE-2020-0601 POC exploit

Posted by: Lion

Short list of stuff you need to get the POC running:

pip3 install fastecdsa
apt-get install openssl
sudo apt install python-dev libgmp3-dev
apt-get install libmpc-dev
pip3 install gmpy2

POC: https://github.com/kudelskisecurity/chainoffools

Notepad.exe fail fast while accessing ADS streams

Posted by: Lion

Today I want to share with you a “bug” in notepad.exe that you might want to play around with and look at what really happens; it might be an interesting little reversing project. My limited time currently does not allow me to

Critical Vulnerability: CVE-2019-1388 privilege escalation exploit in the wild (hhupd.exe)!

Posted by: Lion

Researchers detected a privilege escalation flaw in the Windows Certificate Dialog (CVE-2019-1388) exploited in the wild with hhupd.exe. A privilege escalation is a security flaw by which a user with limited access to IT systems can increase the scope and scale

Expert Malware Analysis Research: Uncover Next-Gen Sandbox Detection Bypass Techniques

Intro: The goal of this research was to create a small dropper that could evade detection in the popular App.Any.Run sandbox solution, yet still determine if it was running in the sandbox or not. It is not 100% certain that

Empire C&C server detection

Posted by: Lion

While currently attending SANS SEC660 we played a lot with the Empire post-exploitation framework on the second day. So I used the time between the lab challenges today to play a bit with the C&C server. Detect Empire C&C

Cyber Defense NetWars Review Tokyo 2019

Posted by: Lion

“I am the watcher on the walls, I am the sword in the darkness.” While attending the SANS course SEC660, Advanced Penetration Testing, Exploit Writing, and Ethical Hacking in Tokyo, I also took part in the Cyber Defense NetWars challenge.