“EDRKillShifter” is a type of malware specifically designed to disable Endpoint Detection and Response (EDR) security software on a system, allowing attackers to carry out malicious activities like deploying ransomware without detection; it is considered a sophisticated tool often used by cybercriminals to evade security measures. Key points about EDRKillShifter: Function: Its primary purpose is Read More …
Category: Computers
New Video – Assembly Primer For Hackers – Hello World
This is new video I found some time ago, when I was entertaining the thought of getting the OSCP. Assembly Primer For Hackers – Hello World
How to change user agent in nmap
NMAP How to change user agent You can find the default value in /usr/share/nmap/nselib/http.lua (At the beginning of the file, a couple of lines after the comments) local USER_AGENT = stdnse.get_script_args(‘http.useragent’) or “Mozilla/5.0 (compatible; Nmap Scripting Engine; http://nmap.org/book/nse.html)” You can change the value with this line local USER_AGENT = stdnse.get_script_args(‘http.useragent’) or “Mozilla/5.0 (compatible; MSIE 9.0; Read More …
AWS Notes – AWS Pentesting
An Opinionated Ramp Up Guide to AWS Pentesting https://awssecuritydigest.com/articles/opinionated-ramp-up-guide-to-aws-pentesting https://medium.com/@MorattiSec/my-aws-pentest-methodology-14c333b7fb58 Understanding the Shared Responsibility Model https://www.wiz.io/academy/shared-responsibility-model fwd:cloudsec https://fwdcloudsec.org/ AWS Customer Support Policy for Penetration Testing https://aws.amazon.com/security/penetration-testing/ Also, read this and follow the AWS pentesting rules. Cloud Tests One is a review of the external facing posture, which you can consider adjacent to a traditional External Read More …
Looking at Attack Surface Mapping
Hot Take Incomming……. Warning…… I am going to come right out and say it, and it will sound completely arrogant, but I think the majority of Attack Surface Mapping vendors out there are doing it wrong. ASM for those who are new to blogs like these, stands for Attack Surface Mapping. This process is meant Read More …
AuKill EDR Post
Summary AuKill is a malicious software, often used by ransomware groups, designed to disable endpoint detection and response (EDR) security solutions on a system, essentially allowing attackers to bypass security measures before deploying ransomware by terminating EDR processes using a vulnerable, outdated driver like the Process Explorer driver from Sysinternals; effectively “killing” the EDR functionality. Key points about Read More …
Hook Chain EDR Kill
Summary Every binary loaded into WIndows, has a list of needed functions and processes in order for it to function properly. THink of a browser, it will use a Windows DLL to resolved the hostname to the IPv4 address and so forth. This Table can be hijacked, so instead of pointing to the appropriate function Read More …
Notes on “Paved Road”
Lessons from Securing Internal Applications WebappSec Link Building a Security Platform Engineering Team “”” I’m a big fan of building security into existing processes, a term coined as “secure paved roads” by Jason Chan, Ex-Netflix CISO. The idea behind this is that security should mostly be invisible. The average employee should simply not have to Read More …
2 AD or not 2 AD
To AD or not to AD, that is the question. Whether ’tis nobler to continue patching The slings and of the security researchers, Or to take arms against a sea of criminal adversaries And by opposing end them. To die to AD? No more? and by a decommission to say we end AD? The heartache Read More …