Channel: Research – Compass Security Blog
Browsing latest articles
Browse All 38 View Live


Windows Forensics with Plaso


enOcean Security

With the rise of low-energy wireless communication come new implications and security threats one may consider before releasing a new product. In this post, we are going to take a closer look at the...


A Smart Card Odyssey

It all started off with this card, which is used for billing the use of washing machines and tumble driers. It is plugged into a box that measures current flow and powers the machines. Only few...


There is such thing as a free lunch

Usually you need to pay for lunches with cash or using your credit card. But in some places employees can pay for a lunch using their access badge. And this is the payment method that will be covered...


Challenging Your Forensic Readiness with an Application-Level Ransomware Attack

Most ransomware...


Domain-Join Computers the Proper Way

When you add a new computer, it must first join the domain. If you use its future main user to do it, they’ll become the owner and be able to hijack the computer to become a local administrator in...


Relaying NTLM authentication over RPC

For a few years now, we as pentesters (and probably bad guys as well) have made heavy use of NTLM relaying for privilege escalation in Windows networks. In this article, we propose adding support for the...


Make the most out of BloodHound

During internal assessments in Windows environments, we use BloodHound more and more to gather a comprehensive view of the permissions granted to the different Active Directory objects. If you haven’t...


Evading Static Machine Learning Malware Detection Models – Part 1: The...

Modern anti-malware products such as Windows Defender increasingly rely on the use of machine learning algorithms to detect and classify harmful malware. In this two-part series, we are going to...


Evading Static Machine Learning Malware Detection Models – Part 2: The...

In the first blog post of this series, we tested several tools for evading a static machine learning-based malware detection model. As promised, we are now taking a closer look at the EMBER dataset...
