Hooking
Sensecon 23: from Windows drivers to an almost fully working EDR
TL;DR I wanted to better understand EDR’s so I built a dummy EDR and talk about it here. EDR (Endpoint Detection and Response) is a kind of security product that aims to detect abnormal activities being executed on a computer or a server.
When looking for resources about how EDR’s work, I realised that, even if there is a lot of literature available about EDR’s, there aren’t many articles explaining how an EDR’s is architected and how the different components of a EDR are orchestrated. This article aims to demystify how EDR’s work while building a custom one that will implement a few techniques used by real EDR’s.
Intercepting passwords with Empire and winning!
This is my password,” said the King as he drew his sword. “The light is dawning, the lie broken. Now guard thee, miscreant, for I am Tirian of Narnia.
C.S. Lewis
tl;dr You are part of the red team who’s just compromised the entire AD infrastructure. The blue team quickly changes the password, which is always recommended, but is this effective in preventing the red team from still inflicting damage?
Android hooking with Introspy
Here’s my first blog where I’ll try to write up how I’ve managed to set up the Introspy framework for the Android emulator.
First things first, if you haven’t downloaded the Android SDK do it now from here. I am on Ubuntu 14.04 x64 machine but hopefully you will be able to follow this guide as long as you are on a modern linux system.
Sidenote: Since you are gonna run many commands on the emulator I highly recommend that you open a new shell during this proccess (adb shell) and run the logcat command. That way you can see all the debug messages and if something fails, play around and see how can you solve it.
Page 1 of 1