We didn't stray far from the office today, but it didn't stop us from enjoying the eclipse! Mini-blind hack.
Lefrancois Engineering’s Post
More Relevant Posts
-
🚀 Exciting Talk at #x33fcon: "Busting Redteam Trends with Style - Lessons Learned from Building an ETW based Sysmon Replacement from Scratch" 🚀
Sebastian Feldmann and Philipp Schmied will share their journey of developing a custom ETW-based Sysmon replacement from scratch, designed to fingerprint advanced threat actors and red team techniques such as (in)direct syscalls, various sleepmasks, module proxying, and callstack spoofing.
Key Highlights:
🔍 Enhanced telemetry for #ThreatHunting
🔍 Sysmon compatibility with enriched data
🔍 New events for detecting advanced threats
🔍 Architecture and challenges in event collection and correlation
Join us to learn how their innovative approach helps analysts detect new #IOCs and improves monitoring capabilities.
Learn more: https://lnkd.in/e9saM4gq
#Windows #ETW #Research #Monitoring #RedTeam #BlueTeam #PurpleTeam
-
I am so excited to share my latest write-up on the Granny machine from HackTheBox. In this write-up, I explored exploiting a remote buffer overflow vulnerability. #HackTheBox #PenetrationTesting #BufferOverflow #EthicalHacking
-
Nights and Weekends S5 update - Moved past just agents in a grid and made a network-based model, simulating connected cities with nodes and edges. In the model, red = infected, blue = susceptible, and green = recovered. Noticed that even though most of the nodes were infected and recovered, some of them remained blue (never got infected!). Check out this GitHub repo and star it for more updates: https://lnkd.in/gsDrFsNd cc: buildspace
-
Hard times happen, but in recovery, we can learn the tools to cope with challenges. Check out our blog about staying #sober during rough patches: https://bit.ly/42DrbWp.
-
This machine taught me how to enumerate a .sdf file to find interesting things, then how to use a PoC to get a reverse shell, and how to look into a non-default Windows service to get the Admin password by looking into a Metasploit exploit but doing the process manually. As always, I have learned a lot!
Owned Remote from Hack The Box!
hackthebox.com
-
Today I analyzed a backdoor disguised as TeamViewer. Dissecting it with PEStudio revealed several problematic packages and functions. However, I'm not sure how to prove what data the hacker might have stolen or what actions they performed through this backdoor.
-
🔎 New Threat SnapShot! 🔎
Our latest video dives into the resurgence of the notorious FIN7 threat group and their evolving tactics. We break down detection strategies for FIN7's latest tools:
🛠️ Powertrash: An obfuscated PowerShell script for reflective payload loading
🛠️ Automated persistence using batch files and scheduled tasks
🛠️ AuKill: An AV neutralizer tool
Learn how to spot these threats through:
🛡️ PowerShell script block logging analysis
🛡️ Suspicious scheduled task creation detection
🛡️ Registry indicators of AV killing
#threathunting #detectionengineering
Threat Snapshot: FIN7 Is Dead, Long Live FIN7
-
Principled, Innovative & Collaborative C-level Technology Executive/SVP | Driving strategic digital transformation | CX | Data Analytics/ML Engineering | FinTech at Affirm | American Express | Ally
The lessons from one of the largest tech outages, from Crowdstrike, are relatively simple.
1. Tests to detect the absence of assumed inputs are equally as important as validating the presence of expected inputs.
2. Tests are only as good as the ability to replicate the real-world environment where the code runs. Simulating chaos scenarios might elongate testing timelines but is needed based on risk levels.
3. Isolation is still a reliable way to achieve high availability.
My family was en route from India to the US, and what should have been a 24 hour travel became a 48 hour travel schedule managed with manual boarding passes. This drives home the real impact of how critical it is to recognize the systemic risks in our tech deployments, as in the financial markets.
From the programming community on Reddit: Crowdstrike outage incident technical report
reddit.com
-
I really liked this room because it showed some real-world challenges like port forwarding and a privilege escalation that can also happen in the real world. You start off by finding a command injection vulnerability in a web server and exploit the vulnerability to get a shell on the box. Then you have to exploit a bash script and escalate your privileges to a user called apaar; then you can drop an SSH key and take advantage of SSH to do port forwarding to a port that's running on localhost.
Chill Hack
tryhackme.com
-
In this very easy Sherlock, you will familiarize yourself with Unix auth.log and wtmp logs. We'll explore a scenario where a Confluence server was brute-forced via its SSH service. After gaining access to the server, the attacker performed additional activities, which we can track using auth.log. Although auth.log is primarily used for brute-force analysis, we will delve into the full potential of this artifact in our investigation, including aspects of privilege escalation, persistence, and even some visibility into command execution.
Solved Brutus from Hack The Box!
labs.hackthebox.com
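The auth.log workflow described in the Brutus post (spot the brute force, find the login that followed it, then follow the attacker's account creation and sudo activity), as an added example that is not part of the original post or the Sherlock. The log excerpt is constructed here; the host name, PIDs, user names and the 192.0.2.0/24 and 198.51.100.0/24 documentation addresses are placeholders.

```python
import re
from collections import Counter

# Constructed sample auth.log excerpt (not from the Sherlock); all values are placeholders.
SAMPLE_AUTH_LOG = """\
Mar  6 06:31:31 host01 sshd[2411]: Failed password for root from 192.0.2.10 port 34782 ssh2
Mar  6 06:31:33 host01 sshd[2413]: Failed password for invalid user admin from 192.0.2.10 port 34784 ssh2
Mar  6 06:31:35 host01 sshd[2415]: Failed password for root from 192.0.2.10 port 34786 ssh2
Mar  6 06:31:40 host01 sshd[2491]: Accepted password for root from 192.0.2.10 port 53184 ssh2
Mar  6 06:32:44 host01 useradd[2592]: new user: name=svc_backup, UID=1002, GID=1002, home=/home/svc_backup, shell=/bin/bash
Mar  6 06:32:51 host01 usermod[2628]: add 'svc_backup' to group 'sudo'
Mar  6 06:37:24 host01 sudo:   root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/usr/bin/cat /etc/shadow
Mar  6 06:40:02 host01 sshd[2700]: Accepted publickey for alice from 198.51.100.7 port 51000 ssh2
"""

# Patterns for the standard sshd, useradd, usermod and sudo line formats found in auth.log.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted (\w+) for (\S+) from (\S+) port")
NEW_USER = re.compile(r"useradd\[\d+\]: new user: name=([^,]+)")
GROUP_ADD = re.compile(r"usermod\[\d+\]: add '([^']+)' to group '([^']+)'")
SUDO = re.compile(r"sudo:\s+(\S+) : .*COMMAND=(.+)$")

def analyze_auth_log(text, threshold=3):
    """Return brute-force sources, the logins that came from them, and post-access activity."""
    failed = Counter()  # source IP -> number of failed SSH authentications
    accepted = []       # (timestamp, auth method, user, source IP)
    activity = {"new_users": [], "group_changes": [], "sudo_commands": []}
    for line in text.splitlines():
        ts = line[:15]  # syslog timestamp, e.g. "Mar  6 06:31:40"
        if m := FAILED.search(line):
            failed[m.group(2)] += 1
        elif m := ACCEPTED.search(line):
            accepted.append((ts, m.group(1), m.group(2), m.group(3)))
        elif m := NEW_USER.search(line):
            activity["new_users"].append(m.group(1))
        elif m := GROUP_ADD.search(line):
            activity["group_changes"].append((m.group(1), m.group(2)))
        elif m := SUDO.search(line):
            activity["sudo_commands"].append((m.group(1), m.group(2)))
    brute = {ip: n for ip, n in failed.items() if n >= threshold}
    # A successful login from an IP that was brute-forcing is the pivot point of the intrusion;
    # everything useradd/usermod/sudo logged after it is the attacker's post-access activity.
    suspicious_logins = [a for a in accepted if a[3] in brute]
    return {"brute_force_sources": brute, "suspicious_logins": suspicious_logins, **activity}
```

The `threshold` is deliberately low for the short sample; on a real server tune it per source and time window, and confirm the sshd sessions against wtmp (`last -f`) since the two artifacts are written independently.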