Hunting PowerShell Command Lines

My recent webcast with Jaron Bradley was recorded and a link is available below. If you have been looking for an excuse to get more familiar with Windows PowerShell, have a look. "What Malware? Hunting Command Line Activity": There is a reason hackers use the command line, and it isn't to impress you with their prowess. […]

Mimikatz Kerberos Golden Ticket

It has been an interesting year for attacks against the Windows credential model. If you aren't familiar with the Mimikatz "Golden Ticket" attack, it represents some of the best justification for guarding your domain administrator credentials with your life (if you really needed additional justification). CERT EU published an excellent whitepaper on strategies for mitigating this […]

Signature Detection with CrowdResponse

CrowdResponse is a free tool written by Robin Keir from CrowdStrike. Robin has a long history of developing excellent tools for the community, including SuperScan, BinText, Fpipe, and CrowdInspect. The goal of CrowdResponse is to provide a lightweight solution for incident responders to perform signature detection and triage data collection. It supports all modern Windows […]