Tools » 1bluebass

powershell code – Find computers

Posted on 2024-11-132024-11-11 by tmack

To find a single machine and the date it last logged on Get-ADComputer -identity SRV-DB01 -Properties * | FT Name, LastLogonDate -Autosize Find all the machines Get-ADComputer -Filter * -Properties * | FT Name, LastLogonDate -Autosize

EDRKillShifter

Posted on 2024-11-012024-10-27 by tmack

“EDRKillShifter” is a type of malware specifically designed to disable Endpoint Detection and Response (EDR) security software on a system, allowing attackers to carry out malicious activities like deploying ransomware without detection; it is considered a sophisticated tool often used by cybercriminals to evade security measures. Key points about EDRKillShifter: Function: Its primary purpose is Read More …

How to change user agent in nmap

Posted on 2024-10-272024-10-27 by tmack

NMAP How to change user agent You can find the default value in /usr/share/nmap/nselib/http.lua (At the beginning of the file, a couple of lines after the comments) local USER_AGENT = stdnse.get_script_args(‘http.useragent’) or “Mozilla/5.0 (compatible; Nmap Scripting Engine; http://nmap.org/book/nse.html)” You can change the value with this line local USER_AGENT = stdnse.get_script_args(‘http.useragent’) or “Mozilla/5.0 (compatible; MSIE 9.0; Read More …

AuKill EDR Post

Posted on 2024-09-212024-09-05 by tmack

Summary AuKill is a malicious software, often used by ransomware groups, designed to disable endpoint detection and response (EDR) security solutions on a system, essentially allowing attackers to bypass security measures before deploying ransomware by terminating EDR processes using a vulnerable, outdated driver like the Process Explorer driver from Sysinternals; effectively “killing” the EDR functionality. Key points about Read More …

Hook Chain EDR Kill

Posted on 2024-09-082024-09-05 by tmack

Summary Every binary loaded into WIndows, has a list of needed functions and processes in order for it to function properly. THink of a browser, it will use a Windows DLL to resolved the hostname to the IPv4 address and so forth. This Table can be hijacked, so instead of pointing to the appropriate function Read More …

Install Go Lang on Ubuntu

Posted on 2023-12-132024-03-26 by tmack

I decided as my computer hobby to start playing with some of the tools in the Project Discovery set. A good portion of these tools seem to be written in the Go language, so let’s also pursue that a little bit. These are my steps to install on my home server. OK, First let’s install Read More …