Introduction A lot of the time when working with malware or when investigating an incident, you may encounter PowerShell executing obfuscated commands which may look like gibberish. These commands are usually obfuscated to make it harder for the analyst to understand, as well as making it harder for detection solutions [...]
I explained all the details for ZeroLogon CVE
1- Cryptography problem of the protocol
2- How the attack works
3- reading the code of POC and explain it
all of this is explained using the whitepaper and MS-NRPC
Event Log Service Event viewer is the preinstalled application in windows to view windows logs, it depends on a event log service to function EventLog Service Service configuration: STOPPABLE, AcceptPause, AcceptStop Binary path : svchost.exe -k LocalServiceNetworkRestricted -p -k [...]
Introduction A lot of the time when working with malware or when investigating an incident, you may encounter PowerShell executing obfuscated commands which may look like gibberish. These commands are usually obfuscated to make it harder for the analyst to understand, as well as making it harder for detection solutions to detect them. Knowing how [...]
Cyber Castle is an Egyptian cyber security company founded in 2020. specializes in the cyber security services & solutions with the aim to detect, protect and mitigate from sophisticated cyber threats in a timely manner.
92 Omar Ibn El-Khattab, Almazah, Heliopolis, Cairo Governorate
Mobile: (02) 01018233755
Post comments (0)