Traditional methods of blinding EDR's are to remove hooks. In this post @vikingfr investigates a new technique (and tool) for blinding an EDR in kernel land by limiting connections to the EDR driver's filter communication port. https://t.co/wn0S7pUt5o
If you're curious on how you might go about avoiding this kind of ETW TI telemetry, check out our latest Nighthawk release, and in particular the new Call Stack Masking feature 🔥https://t.co/yIMGFWANX8
Announcing JA4+ Network Fingerprinting!
JA4+ is a suite of new fingerprinting methods for multiple protocols, detecting everything from entire c2 frameworks, to session hijacking, to reverse SSH shells.
https://t.co/esP1FWySYY
My open source tool for checking the security hardening options of the Linux kernel got a new name: kernel-hardening-checker.
Now it supports checking:
1⃣Kconfig options (compile-time)
2⃣Kernel cmdline arguments (boot-time)
3⃣Sysctl parameters (runtime)
https://t.co/QWDLQIO4wi
Finally my talk from @x33fcon is online! 🔥
I try my best to explain what websites could do to protect the users against reverse proxy phishing attacks like Evilginx.🪝🐟
There is also a bonus live demo at the end with some Evilginx Pro secret sauce! 💡
https://t.co/fXZ0TXfK5m
(1/2) FYI, #masscan users. The original masscan does NOT include the ‘TCP options’ field with MSS value which is required for some hosts to reply to the packet. The fork by @IvreRocks features the --tcpmss switch that includes the mentioned field for your better scope coverage ⤵️
🔥 Excited to share my latest @Mandiant Red Team blog on "Escalating Privileges via Third-Party Windows Installers"
https://t.co/01nYd4DmzJ
Learn how attackers exploit this privilege escalation vector and ways to defend against it. Includes BOF release and a couple CVEs!
Kerberos tickets dumping in pure PowerShell 😍
I simply love such approach.
So much more beautiful than loading pre-compiled binary blob. And so much harder to detect...
https://t.co/SF0APKmIGp
🚨Evilginx 3.1.0 Release 🪝🐟
Just pushed a small update to Evilginx, fixing few issues, which came up after the 3.0 release in May.
Enjoy!
https://t.co/SRNHlnXKp7