I made a quick and dirty detection script within incident response that searches a bit deeper for LSASS dumps and other artefacts from attackers. Update 08.12: This script does not detect artefacts used in current attacks (late October till now)!
Due to a server issue on my mail server I had to put Dovecot, a mail server for Linux, into debug mode, meaning that from now on it logs whatever happens on the machine for troubleshooting.
!include_try /usr/share/dovecot/protocols.d/*.protocol
mail_debug=no
auth_debug=yes
My problem was
Companies spend a lot of time trying to secure their email systems against attacks from the outside, like (spear) phishing, malware and other threats. A customer asked me today for ideas for threats he could hunt for in his
Short list of stuff you need to get the POC running:
pip3 install fastecdsa
apt-get install openssl
sudo apt install python-dev libgmp3-dev
apt-get install libmpc-dev
pip3 install gmpy2
POC: https://github.com/kudelskisecurity/chainoffools
Today I want to share with you a “bug” in notepad.exe that you might want to play around with and look at what really happens; it might be an interesting little reversing project. My limited time currently does not allow me to
Researchers detected a privilege escalation flaw in the Windows Certificate Dialog (CVE-2019-1388) exploited in the wild with hhupd.exe. A privilege escalation is a security flaw by which a user with limited access to IT systems can increase the scope and scale
Intro: The goal of this research was to create a small dropper that could evade detection in the popular App.Any.Run sandbox solution, yet still determine whether it was running in the sandbox or not. It is not 100% certain that
While currently attending SANS SEC660, we played a lot with the Empire post-exploitation framework on the second day. So I used the time between the lab challenges today to play a bit with the C&C server. Detect Empire C&C
“I am the watcher of the walls, I am the sword in the darkness.” While attending the SANS course SEC660, Advanced Penetration Testing, Exploit Writing, and Ethical Hacking in Tokyo, I also took part in the Cyber Defense NetWars challenge.