Collaborate Disseminate
Someone to whom I am related is at a study camp for their desired profession. This person, let’s call her Jane, is supposed to be studying rigorously for two months. The housing provided offers wireless internet connections, … Continue reading Company claims hardwire connections are a security issue
I’m currently learning how Active Directory/Group Policy works, and was wondering if a computer attached to an Active Directory domain is in any way inherently more secure than a computer that isn’t. I understand that you can… Continue reading What security benefits does Active Directory convey?
I have managed to stop most of the attack vectors using a varity of different group policies. The only one that I’m having issues with is when it uses the HID attack method.
Has anybody come up with a solution of how to stop it imitating … Continue reading Stop Rubber Ducky HID attack
I’m currently looking into exploit mitigation techniques and I’ve come across a question I can’t find an answer to just now.
To detect the presence of let’s says PIE or Canaries within a binary there are scripts, like checks… Continue reading Detect kASLR/ASLR within a Linux firmware image without running it
In April 2017 a hacker group called The Shadow Brokers has leaked a set of Windows exploits developed by the NSA. One of these exploits, called EternalBlue, was used to install on a compromised computer a remote command execu… Continue reading How one can detect and remove the remote command execution tool DoublePulsar?
I have been learning about using stack overflows to get arbitrary code execution, one of the tricks used is overwriting the return address to make control flow go the way you want it. Assuming our system has NX bit.
What if we made the… Continue reading Using instruction set architecture (ISA) to stop stack overflows
My AV sends an export bi-weekly with all the scripts that ran in my environment. It cannot determine if it’s a malicious script or a benign one. After I receive the export the list is about 70k scripts long. I look at all th… Continue reading My AV gives me a export of all the scripts that run in my environment every 2 weeks. How do I spot malicious scripts?
My AV sends an export by-weekly with all the scripts that ran in my environment.It can not determine if its a malicious script or benign. After I receive the export the list is about 70k scripts long. I look at all the applic… Continue reading My AV gives me a export of all the scripts that run in my environment every 2 weeks. How do I spot malicious scripts?
My AV sends an export bi-weekly with all the scripts that ran in my environment. It cannot determine if it’s a malicious script or a benign one. After I receive the export the list is about 70k scripts long. I look at all th… Continue reading My AV gives me a export of all the scripts that run in my environment every 2 weeks. How do I spot malicious scripts?
I’ve noticed a number of Windows services required for network connectivity maintain open ports.
What can be done to ensure Service functionality without allowing the always-open ports to act as a network liability (i.e. hacking vulnerabi… Continue reading How to protect open ports for Services/Programs needed for network connectivity?