Code Archives - Jean-Christoph von Oertzen

Webinar takeaway – Shellcode Execution with Python

jean-christoph — Thu, 12 Jan 2023 19:27:44 +0000

teaser for this Webcast, which made me attend Imagine you are pen testing a company and gain access to a Windows application server. You discover the server has application allow listing deployed, and strong EDR/XDR defensive solutions. To your excitement, you find there is a Python interpreter installed. It would be really great if you […]

The post Webinar takeaway – Shellcode Execution with Python appeared first on Jean-Christoph von Oertzen.

Webinar takeaway – Making MITRE ATT&CK Actionable

jean-christoph — Wed, 12 Jan 2022 19:11:06 +0000

My key takeaways ATT&CK is a framework, not a how to or step by step instruction How do we protect ourselves from techniques like Powershell used for attacks? deep technical knowledge <- hard to get for all 836 techniques mentioned in ATT&CK Identify technique coverage Build (SIEM) detections <- also hard to build PYATTCK and […]

The post Webinar takeaway – Making MITRE ATT&CK Actionable appeared first on Jean-Christoph von Oertzen.

Event takeaways: BSidesMeSh21 – day 2

jean-christoph — Tue, 22 Jun 2021 16:05:01 +0000

My key takeaways 11 min from publishing credentials (accidently) to github till pwn 2019: ~200k credentials in Github ; 2021: +20% runtime secrets go to application secrets managers AWS Secrets Manager GCP Secrets Manager Hashicorp Vault Azure Vault InfoSec’s dirty little secret: We can’t know all the options, but we still need to help secure […]

The post Event takeaways: BSidesMeSh21 – day 2 appeared first on Jean-Christoph von Oertzen.

Event takeaways: BSidesMeSh21 – day 1

jean-christoph — Mon, 21 Jun 2021 16:34:29 +0000

My key takeaways Security in sprints vs whole security sprints? Smaller activities from the very beginning. It is not full time, but always ongoing. And maybe, if the situation is very tricky, entire sprints might be necessary, too. — Thomas Fricke Kubernetes does its best to be secure inside. Unfortunatly it is not configured so […]

The post Event takeaways: BSidesMeSh21 – day 1 appeared first on Jean-Christoph von Oertzen.

Workshop takeaways: Scaling Your Security Program with Semgrep

jean-christoph — Thu, 17 Jun 2021 18:16:49 +0000

My key takeaways Detecting the lack of using secure defaults is much easier then finding bugs "You can get amazing security wins if you can get a bit draconian about coding standards" Blue teams can win, if they outmaneuver attackers in the OODA loop: 👀 🧠 👍 💪 generic checks can provide a lot of […]

The post Workshop takeaways: Scaling Your Security Program with Semgrep appeared first on Jean-Christoph von Oertzen.

Webinar Takeaway: Shellcode Execution with GoLang

jean-christoph — Thu, 20 May 2021 18:11:39 +0000

My key takeaways Go basics: local functions start with small letter, exported functions start with a capital letter walrus operator = declare and initialize in one statement like k := 3 the only loop is a for loop Go is truly a compiled language, it produces a machine native executable Shellcode: machine code native to […]

The post Webinar Takeaway: Shellcode Execution with GoLang appeared first on Jean-Christoph von Oertzen.

Webinar Takeaway: Uncovering Secrets and Simplifying Your Life with CyberChef

jean-christoph — Thu, 22 Apr 2021 18:08:25 +0000

My key takeaways Secrets everywhere, even on a parachute landing a mars rover CyberChef is a GCHQ project, so be aware using it with client data There is even a receipe for OCR in CyberChef There is even a receipe for Creating QR-codes in CyberChef you can use it to extract all URLs eg from […]

The post Webinar Takeaway: Uncovering Secrets and Simplifying Your Life with CyberChef appeared first on Jean-Christoph von Oertzen.

Webinar takeaway: Releasing Your First (Python) Open Source Project to the Masse

jean-christoph — Wed, 13 Jan 2021 21:00:55 +0000

My key takeaways Version control is not for dev only. eg filename for docs 😉 Fear of Git is quite common great way of explaining git: staging: collect changes to track if you get it on the CLI it is much easier to understand it in any other tool remove the file due to pw-oopsie: […]

The post Webinar takeaway: Releasing Your First (Python) Open Source Project to the Masse appeared first on Jean-Christoph von Oertzen.

Play a quiz while learning for a multiple choice test

jean-christoph — Sun, 06 Dec 2020 00:11:39 +0000

TL;DR Multichoice-quiz is a mulitple choice quiz game programmed in Python You can add your own quizzes as simple JSON files No GUI, just terminal OSISG should become a crowd-sourced quiz with the best information security questions out there short story long As I wrote in my post about the CompTIA Network+ certificate, using virtual […]

The post Play a quiz while learning for a multiple choice test appeared first on Jean-Christoph von Oertzen.

Webinar takeaway: Move Aside Script Kiddies: Malware Execution in the Age of Advanced Defenses

jean-christoph — Thu, 03 Dec 2020 19:02:11 +0000

My key takeaways it’s getting harder to execute malware in a lot of environments, also due to endpoint maturity 3 parts of an assumed compromise: priv esc, lateral movement, senstive data access Win10 is safer then ever, also Windows Defender has improved defense vendors have signatures for almost all metaspoilt machine code nowadays you can’t […]

The post Webinar takeaway: Move Aside Script Kiddies: Malware Execution in the Age of Advanced Defenses appeared first on Jean-Christoph von Oertzen.