I was reading an older report from CrowdStrike the other day:
"CrowdStrike was able to reconstruct the PowerShell script from the PowerShell Operational event log as the script’s execution was logged automatically due to the use of specific keywords." [1]
Which reminded me of the post of @nas_bench :
"PowerShell has a list of suspicious keywords. If found in a script block an automatic 4104 event will be generated regardless of logging policy :)" [2]
You can look up the relevant code here (it's inside the SuspiciousContentChecker class.) [3] Nasreddine published the list here in a gist [4]
[1] https://t.co/9ettJqHezU
[2] https://t.co/iCayaHc0S4
[3] https://t.co/0Ch9WhCynS
[4] https://t.co/KpcLHsGJ48
I was fired by Cloudflare today.
Me and my team have spent the last 18 months tirelessly testing different regex patterns and configuration updates.
If you are looking for experts in taking down 20% of the internet using a single regex, lmk.
SpecterOps released "DumpGuard" along with a detailed article on how they were able to bypass Windows Credential Guard in both privileged and unprivileged contexts. I learned a ton about Isolated LSA and friends: https://t.co/Qa4aieDBji
I'm working on a useful tool that allowed me to discover quite a few interesting attack vectors in Azure.
UsersPermissionToReadOtherUsersEnabled bypass
MFA bypass
Privileges escalation
And more
https://t.co/ad8gsRx3ha
#Azure#RedTeam
Exciting times. I'm publishing Dittobytes today after presenting it at @OrangeCon_nl !
Dittobytes is a true metamorphic cross-compiler aimed at evasion. Use Dittobytes to compile your malware. Each compilation produces unique, functional shellcode.
https://t.co/761G96JDF1
I keep coming across all these "pseudocode" examples on Wikipedia and in academic papers, and what I don't understand is why the authors can't just learn a real programming language
"A Malloc Tutorial"
A step-by-step guide to implementing your own memory allocator to truly grasp how memory allocation works in C.
Covers heap management, block splitting, & memory alignment.
Easential for understanding how malloc, free, & realloc work under the hood.
Anyone else spot that https://t.co/6djGBf27l1 is looking to extract information from your system?
This site is not linked to the original author's version of Linpeas by the way.
All common attacks on Elliptic Curves in one place, with a clear, concise explanation, and example code. I found it very helpful during #FlareOn11 - an for sure it will come handy during other CTFs too!
This is a really cool book. I am sure it will help to many malware analysts, and be a guiding light and an inspiration for people who want to learn more. I feel honoured that I could have my small contribution in the project. Thank you for the gift, @d4rksystem !
Andres Freund, the principal software engineer at Microsoft who discovered the xz backdoor really does deserve a big pat on the back. 👏
The outcome could have been much, much worse.
Nothing fancy here but if you want to dump emails from an Azure tenant through a device code phishing this may help.
https://t.co/texrtCWOMS
Bonus feature you can also push your payload on the target tenant and use the shareable link in your weaponized campaign.
I know some people use #PEbear to unmap PEs dumped from memory. Since upcoming releases you will be able to do it just by one click: https://t.co/yMVA4bJucA
Brushing up my scripting chops. Wrote a proof-of-concept shell script for early detection of lookalike domain used in third-party compromise or business email compromise. https://t.co/XgfnV7SL4t
I’ve spent the last 2 years at @Tanium, best job I ever had. But resource realignment happens, and I am seeking a new opportunity. I am a security innovator, to the extent that nearly every computer on the Internet is using at least one of my technologies or inventions.
1/n