31ric » 1bluebass

Looking at Attack Surface Mapping

Posted on 2024-10-162024-03-11 by tmack

Hot Take Incomming……. Warning…… I am going to come right out and say it, and it will sound completely arrogant, but I think the majority of Attack Surface Mapping vendors out there are doing it wrong. ASM for those who are new to blogs like these, stands for Attack Surface Mapping. This process is meant Read More …

AuKill EDR Post

Posted on 2024-09-212024-09-05 by tmack

Summary AuKill is a malicious software, often used by ransomware groups, designed to disable endpoint detection and response (EDR) security solutions on a system, essentially allowing attackers to bypass security measures before deploying ransomware by terminating EDR processes using a vulnerable, outdated driver like the Process Explorer driver from Sysinternals; effectively “killing” the EDR functionality. Key points about Read More …

Hook Chain EDR Kill

Posted on 2024-09-082024-09-05 by tmack

Summary Every binary loaded into WIndows, has a list of needed functions and processes in order for it to function properly. THink of a browser, it will use a Windows DLL to resolved the hostname to the IPv4 address and so forth. This Table can be hijacked, so instead of pointing to the appropriate function Read More …

Mad about MFA?

Posted on 2024-09-052024-09-05 by tmack

Camp IT DR/BCP Conference Thoughts

Posted on 2023-11-112024-03-26 by tmack

Recently I attended a Camp IT Conference hosted at the Stephens Convention center in Rosemont Illinois. This particular conference was Disaster Recovery / Business Continuity – Resilient Infrastructure. While the Convention center in Rosemont is cavernous, our group was off to the side in the Executive areas. Next time I will remember to take photos! Read More …