Hey @brucon. My friends and me reached 3rd place with the team CSG9 at your CTF in September, but didn‘t received any book voucher yet. We verified onsite that the mail addresses were correct.
Had so much fun delivering my “AWS Security Masterclass” training at @x33fcon this year 🥳
After having a great time in Gdynia, now off to a sweet vacation 🚀 Until next time @x33fcon, see ya 👋
Your job as a Red Teamer is to help the Blue Team get better at catching you. If you're hoarding your intrusion points because Blue will catch you too fast, you're misunderstanding the point.
Your job isn't to exploit vulns. Its to help blue defend / detect more effectively.
Our powerintern @testert01 strikes again, teamed up with @thefLinkk and developed SysmonEnte: a hard to detect attack on Sysmon. Check out our new blogpost: https://t.co/ol4jrl1Ewa
If you need to monitor Linux systems in your #SIEM, you should take a look at "Laurel".
Laurel provides #auditd logging in JSON format.
https://t.co/ndponaftIx
Credits to https://t.co/hQuPvt34ol community.
Just saw an "Advanced Threat Protection" tool from a vendor that rewrites the URL of all incoming mails to redirect the users to their own website where a cloned version of the original website is presented by them. User should enter their credentials and the tool acts as a MitM.
(3/3) The bypass is reboot resistent and there is no alert in the EDR backend. MS is aware of the bypass but unfortunately the issue doesn't meet the bar for continuous tracking. An improvement will be implemented in a future version of the product.
(1/3) Did you ever wonder how to disable Defender for Endpoint including bypassing the new tamper protection? It's that simple:
1. Run ProcessHacker with the "TrustedInstaller" Plugin (https://t.co/HPqy7ca1WV)
2. Run regedit.exe with Trusted Installer Privileges
(2/3) 3. Set the "Start" key in HKLM\SYSTEM\CurrentControlSet\Services\Sense to 4
5. Terminate the MsSense process tree
4. Set the "SenseEnabled" key in HKLM\SOFTWARE\Microsoft\Windows Defender\Features to 0
5. Terminate the MsMpEng process