“EDRKillShifter” is a type of malware specifically designed to disable Endpoint Detection and Response (EDR) security software on a system, allowing attackers to carry out malicious activities like deploying ransomware without detection; it is considered a sophisticated tool often used by cybercriminals to evade security measures. Key points about EDRKillShifter: Function: Its primary purpose is Read More …
Tag: tmack
New Video – Assembly Primer For Hackers – Hello World
This is new video I found some time ago, when I was entertaining the thought of getting the OSCP. Assembly Primer For Hackers – Hello World
How to change user agent in nmap
NMAP How to change user agent You can find the default value in /usr/share/nmap/nselib/http.lua (At the beginning of the file, a couple of lines after the comments) local USER_AGENT = stdnse.get_script_args(‘http.useragent’) or “Mozilla/5.0 (compatible; Nmap Scripting Engine; http://nmap.org/book/nse.html)” You can change the value with this line local USER_AGENT = stdnse.get_script_args(‘http.useragent’) or “Mozilla/5.0 (compatible; MSIE 9.0; Read More …
AuKill EDR Post
Summary AuKill is a malicious software, often used by ransomware groups, designed to disable endpoint detection and response (EDR) security solutions on a system, essentially allowing attackers to bypass security measures before deploying ransomware by terminating EDR processes using a vulnerable, outdated driver like the Process Explorer driver from Sysinternals; effectively “killing” the EDR functionality. Key points about Read More …
Notes on “Paved Road”
Lessons from Securing Internal Applications WebappSec Link Building a Security Platform Engineering Team “”” I’m a big fan of building security into existing processes, a term coined as “secure paved roads” by Jason Chan, Ex-Netflix CISO. The idea behind this is that security should mostly be invisible. The average employee should simply not have to Read More …
2 AD or not 2 AD
To AD or not to AD, that is the question. Whether ’tis nobler to continue patching The slings and of the security researchers, Or to take arms against a sea of criminal adversaries And by opposing end them. To die to AD? No more? and by a decommission to say we end AD? The heartache Read More …
What is DTLS and where do I use it?
It’s best suited for small- to medium-sized businesses with deployments that range from tens to a few hundred computers. A provisioning package (. ppkg) is a container for a collection of configuration settings. Use the Windows Configuration Designer tool to create provisioning packages to easily configure devices running Windows client. Windows Configuration Designer is primarily Read More …