Good day everyone! The Microsoft Threat Intelligence team has discovered activity from a group known as #FlaxTyphoon. They are a nation-state group from China that targeted organizations in Taiwan. While the group leverages tools that are commonly used, like #ChinaChopper, #MetaSploit, and #Mimikatz, they also rely on abusing #LOLBINS, or Living-off-the-land binaries and scripts (tools that exist in and come with the native operating system). Some of their TTPs include using registry key modification for persistence, using #powershell, #certutil, or #bitsadmin to download tools, and accessing #LSASS process memory and the Security Account Manager registry hive for credential access. This is a great article that not only provides high-level details but also provides a starting point for any organization to start threat hunting by using the technical details provided! Enjoy your weekend and #HappyHunting!
#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #readoftheday
“New PostDump version includes a C# / .NET implementation of the famous NanoDump's NanoDumpWriteDump function, which permits dumping only the most important #Lsass modules” #redteam #offensivesecurity #cybersecurity #infosec
https://github.com/post-cyberlabs/Offensive_tools/tree/main/PostDump
"AWS announces Credential Guard support for Windows instances on Amazon EC2"
Protect those #LSASS secrets!
An OS like #Windows has a hard time doing it without #virtualization based security, provided by a #hypervisor like the one found in the #NitroSystem.
#pth #passthehash #ActiveDirectory #Security #AWS #nitrosystem #Hypervisor #virtualization #Windows #Lsass
Some serious work from folks at Elastic Security: “Silhouette is a POC that mitigates the use of physical memory to dump credentials from #Lsass.” #cybersecurity #infosec #redteam #blueteam
https://github.com/elastic/Silhouette
Simple tool to perform an LSASS memory dump, using a few techniques to avoid detection.
#redteam #Lsass
https://github.com/post-cyberlabs/Offensive_tools/tree/main/PostDump
“It is yet another simple tool to perform a #Lsass memory dump using a few techniques to avoid #detection.”
#cybersecurity #redteam #offensivesecurity #infosec
https://github.com/post-cyberlabs/Offensive_tools/tree/main/PostDump
Defeating Credential Guard #CredGuard #Windows #Defeat #MimiKatz #Isolated #LSASS https://research.ifcr.dk/pass-the-challenge-defeating-windows-defender-credential-guard-31a892eee22
Good alternative tool for dumping LSASS:
#hacking #infosec #Lsass #windows
Interesting techniques, but still blocked by the antivirus :sadglasses:
https://kaluche.github.io/posts/2020/09/dumping-credentials-offline/
#pentest #lsass