Arnim Rupp
add new thor external variables: * filemode * owner
The check for "Check if authentication certificate templates allow users to control the subject" is valued with just 15 points, but might result in a straight domain takeover from any...
A wrong --foreigndomain parameter like e.g. `PingCastle.exe --foreigndomain doesnt_exist.no --healthcheck` is ignored and the default domain is scanned. Also there's no indication of the problem in the output, the only...
Pingcastle 3.2.0.0 crashed with the error below: ``` ... [14:12:45] Gathering WSUS data [14:13:27] Gathering MSOL data The AD query failed. Using the alternative protocol (LDAPConnection) The AD query failed....
Hi, you might be interested in https://github.com/ruppde/yara_rules/tree/main/capa2yara as that converts many of the fine capa rules to yara (generated .yar in the repo are old). The script now lives on...
Hi, the "Is Tier Zero" of RODCs should be DEPENDS because the RODCs might share the DSRM password with the DCs (synced via GPO). https://adsecurity.org/?p=3592 arnim
Hello, Windows_API_Function.yar leaves me totally confused: 1. it doesn't match on the referenced f9b62b2aee5937e4d7f33f04f52ad5b05c4a1ccde6553e18909d2dc0cb595209 2. On VT it matched on bf8867ed4a4ac03112021e96ac8429db94db381da49cb37096ea3dadb5ef2c21 (and 24M other files), but shouldn't because the file...
regarding "The additional XOR operation forces malware analysts to develop custom tools to brute force the hash preimage." in https://www.fireeye.com/blog/threat-research/2020/12/sunburst-additional-technical-details.html: the main reason for hashing the strings was probably to...
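The comment above refers to string hashes that get an extra XOR applied on top. The following is an added example (not code from the comment, the FireEye write-up, or any sample) showing why that step only costs an analyst a few lines of custom tooling: a plain FNV-1a preimage table stops matching, but a table built with the same hash-then-XOR step recovers the strings from a wordlist just as easily. The XOR key and the wordlist are constructed for this example and do not come from any real malware.

```python
# Added example: dictionary-based preimage recovery for "FNV-1a XOR constant" string hashes.
# The XOR key below is a made-up value for illustration, not one taken from any sample.
from typing import Dict, List, Optional

FNV64_OFFSET = 0xCBF29CE484222325
FNV64_PRIME = 0x100000001B3
MASK64 = (1 << 64) - 1

# Constructed key for this example only.
EXAMPLE_XOR_KEY = 0x1234567890ABCDEF


def fnv1a_64(data: bytes) -> int:
    """Standard 64-bit FNV-1a over a byte string."""
    h = FNV64_OFFSET
    for b in data:
        h ^= b
        h = (h * FNV64_PRIME) & MASK64
    return h


def keyed_hash(s: str, xor_key: int = EXAMPLE_XOR_KEY) -> int:
    """FNV-1a followed by a XOR with a constant: the variant the comment discusses."""
    return fnv1a_64(s.encode("utf-8")) ^ xor_key


def build_plain_table(words: List[str]) -> Dict[int, str]:
    """Lookup table an off-the-shelf FNV-1a tool would produce (no XOR step)."""
    return {fnv1a_64(w.encode("utf-8")): w for w in words}


def build_keyed_table(words: List[str], xor_key: int = EXAMPLE_XOR_KEY) -> Dict[int, str]:
    """Lookup table that applies the same XOR, i.e. the 'custom tool' an analyst writes."""
    return {keyed_hash(w, xor_key): w for w in words}


def recover(hashes: List[int], table: Dict[int, str]) -> Dict[int, Optional[str]]:
    """Map each observed hash to its plaintext, or None if the wordlist does not cover it."""
    return {h: table.get(h) for h in hashes}


if __name__ == "__main__":
    # Constructed wordlist standing in for the kind of process names such hashes usually cover.
    wordlist = ["procmon.exe", "wireshark.exe", "notepad.exe"]
    observed = [keyed_hash("wireshark.exe"), keyed_hash("ollydbg.exe")]
    print("plain FNV-1a table :", recover(observed, build_plain_table(wordlist)))
    print("hash-then-XOR table:", recover(observed, build_keyed_table(wordlist)))
```

Recovering the XOR constant itself is equally cheap once a single plaintext/hash pair is known, since `fnv1a_64(plaintext) ^ observed_hash` yields the key directly; that is why the extra XOR adds almost no real protection.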
Also https://github.com/skelsec/pypykatz?tab=readme-ov-file#prerequisites contradicts the modules named in https://github.com/skelsec/pypykatz?tab=readme-ov-file#via-github
… messages for about 10% of systems which gave UNKNOWN-timeout with old values. (Perfect solution would be timeout in command line parameters.)