Christophe Tafani-Dereeper comments

Results 134 comments of


                                            Christophe Tafani-Dereeper

Cant work

Hi, Thanks for reporting. Could you try setting a breakpoint just after `NtQueryInformationProcess` is run, and look at the value of `err.LastDllError`? It should give you an error number that...

Cant work

Did you end up finding a solution?

Cant work

Hello, Sorry, I've not been maintaining this code for quite some time. If someone knows of a fix, I gladly take a contribution, thanks!

Privileged Identity Management (PIM)

This would be tremendously useful to have in Terraform. The API docs are here: https://docs.microsoft.com/en-us/graph/api/resources/privilegedidentitymanagement-resources?view=graph-rest-beta (beta)

Exfiltration through S3 Bucket replication

I believe @vot3k was planning to work on that one

Exfiltration through S3 Bucket replication

Closing as we lack evidence this is a real-world attack technique (see https://stratus-red-team.cloud/attack-techniques/philosophy/)

Exfiltration through S3 Bucket replication

Reopened, reference: https://www.vectra.ai/blogpost/abusing-the-replicator-silently-exfiltrating-data-with-the-aws-s3-replication-service cc @KatTraxler who's interested to pick up this issue

GCP: Retrieval of project/organization IAM policy

Thanks for your input @jonpulsifer, can you clarify what you mean?

GCP: Granting a project role to a @gmail.com e-mail address

Good point for the detection part! Thanks for the input

GCP: Add SSH key to project metadata

challenge: might be very noisy and not actionable enough for detection, as the `gcloud compute ssh` seems to do it