Do you want free Adobe? Vidar Stealer and Discord
March 04, 2024
What happens when you follow a suspicious link that wants to give you free Adobe? Well, let's explore this simple but interesting Vidar sample.
Written by Frog. Hi, hope you can find something useful in this blog - fr0g74
Memory forensics is fascinating. We can find many signs of compromise and be sure that a process is infected. To start down this path I want to test how code injection done by different C2s can be identified in memory. Let's review this in a series of small blogs.
In this quick blog let's start banning passwords using Lithnet Password Protection for Active Directory.
What can we do to help our users avoid using weak passwords? You know, like these ones:
Multiple ransomware attacks have targeted ESXi servers because of the effect this has on companies. With one ESXi server encrypted, the attackers can disrupt entire companies or sites. In this blog, I share some detection ideas and YARA rules.
This week has been really hectic. Multiple high-profile attacks around the globe and various people have attempted to analyze the little information we have. This has led to misinformation spreading and making people worry or take actions that may or may not be helpful. Let's discuss this.
Well, a new malware sample to work on. This malware sample was interesting to me because of the way it was obfuscated. It's pretty simple but I find it funny and interesting. Also, this malware sample seems to target a very specific demographic.
ADCS is an Active Directory tool that lets administrators customize services in order to issue and manage public key certificates. And with some misconfiguration you can become domain admin in a few steps.
I've been working on some malware analysis and it has been interesting. There are different ways the malware is obfuscated and attempts to download and execute. In this blog, I will walk through the process and the insights I have learned during this analysis.
One of the most common ways attackers gain privileges over a machine is using an exposed RDP machine. In this blog I want to show how some of these attacks happen, how we can detect them and some preventions we can take to avoid this type of incident.
I have been writing about detection using PowerShell monitoring. This I believe is a powerful way to detect intrusions, but there are some things we have to plan before doing this. Let's discuss some of these considerations.
Detection of enumeration using CMD was relatively easy because it generates a new program we can audit, but in the case of PowerShell, this doesn't happen. It works on sessions that interpret the commands and give the result. This makes detection more difficult than with CMD, but with the correct event we can do it.
I'm planning on doing a series of blogs to show some enumeration techniques that I've been learning these days on Pentest Academy. But as I like the blue team side of things more, I'm going to show how to detect these techniques; also, in the last blog I plan to give the best detection that I have found for enumeration.
I have been learning how to protect Active Directory, a critical part of IT. In this blog, I will write about some open source tools and configuration changes that can help you strengthen your defenses.
I've finally gotten free from university (at least for now), so I've been listening to Darknet Diaries. I'm currently on episode 10, but episode 5, #ASUSGATE, reminded me about secure by default. I want to explore my router and see how it's configured.
This week I decided to learn about rundll32.exe and DLL files: a program that lets you execute exported DLL functions, and a file type that provides much of the functionality of the OS. Rundll32 has really interesting functionality that has been used by different attacker tools.
Lapsus$ managed to breach Okta; this breach shows some of the deficiencies security has even at big companies. Let's explore some of these deficiencies.
Inside the Machine is an easy-to-understand description of how computers work. This book explains concepts in an abstract but interesting way. Even though this book is not completely accurate in some descriptions and doesn't dive deep into some topics, it's enough to understand how a computer works.