Our Blog

Dumping LSA secrets: a story about task decorrelation

Reading time: ~16 min
Posted by aurelien.chalot@orangecyberdefense.com on 03 July 2024
Categories: Edr, Lsa, Registry, Windows
While doing an internal assessment, I was able to compromise multiple computers and servers but wasn’t able to dump the...

Sensecon 23: from Windows drivers to an almost fully working EDR

Reading time: ~54 min
Posted by aurelien.chalot@orangecyberdefense.com on 31 January 2024
Categories: Callbacks, Driver, Edr, Hooking, Kernel, Rootkit, Shellcodes, Ssdt, Winapi, Windows, Rootkits, Shellcode
TL;DR I wanted to better understand EDR’s so I built a dummy EDR and talk about it here. EDR (Endpoint...

Filter-Mute Operation: Investigating EDR Internal Communication

Reading time: ~21 min
Posted by jeanpascal.thomas@orangecyberdefense.com on 28 July 2023
Categories: Edr, Kernel, Reversing, Windows, Av bypass, Reverse engineering
For our annual internal hacker conference dubbed SenseCon in 2023, I decided to take a look at communication between a...