Webinar Takeaway: How to Get Started in Cyber Threat Hunting
My key takeaways responding to alerts, writing sig’s, checking dashboards is reactionary; threat hunting is proactive @TayandYou Read More
My key takeaways
- EDR loader: may execute shellcode
- Most EDR are on cloud
- Receipe to pwn such EDR:
- get IP's for the vendors (usually whitelisted)
- create a windows firewall rule to block these IPs
- EDR pwnd
- Receipe to pwn such EDR:
- EDRs are blind to WSL(2) since 2018
- Files >50MB are usually ignored by EDRs
- Rust, GoLang, Nim to bypass EDR
- A lot of maleware ist still written in Delphi
- EDR look for comments in code
- no comments, no cry
Env
- Provided by BHIS
- Presenter:
Tags
EDR, webinar takeaway
You may also like
Webinar Takeaway: How to Build a Phishing Engagement – Coding TTP´s
My key takeaways Automation tools like Ansilble, terraform and docker can also create a evil environment eg for phishing Don’t put sensible tokens or passwords in ainsible config files but use a cloud password manager and pull the pass as variable into ainsible Best of phishing themes: give away 2 iPhones or check a link
Read More