tmack » 1bluebass

News :: AT&T Breached again…..

Posted on 2024-11-122024-11-11 by tmack

article Another example of sprawling clouds maybe? Security 101 – You have to know what you have. /snark over

NOTES :: Purdue Model

Posted on 2024-11-112025-01-14 by tmack

The Purdue Model The Purdue model is generally accepted as the standard for building an industrial control system (ICS) network architecture in a way that supports OT security, separating the layers of the network to maintain a hierarchical flow of data between them, and as such, reflects the baseline architecture requirements for many industrial control Read More …

Hacker Video – What Is An XXE Attack

Posted on 2024-11-072024-10-27 by tmack

XML files can incorporate inline references to other documents. Unsafe treatment of external references allows an attacker to probe your file system for sensitive information – an XML External Entity (XXE) attack.

Unmasking a CIA Criminal

Posted on 2024-11-072025-01-22 by tmack

Hacker video of the week……

EDRKillShifter

Posted on 2024-11-012024-10-27 by tmack

“EDRKillShifter” is a type of malware specifically designed to disable Endpoint Detection and Response (EDR) security software on a system, allowing attackers to carry out malicious activities like deploying ransomware without detection; it is considered a sophisticated tool often used by cybercriminals to evade security measures. Key points about EDRKillShifter: Function: Its primary purpose is Read More …

New Video – Assembly Primer For Hackers – Hello World

Posted on 2024-10-312024-10-27 by tmack

This is new video I found some time ago, when I was entertaining the thought of getting the OSCP. Assembly Primer For Hackers – Hello World

How to change user agent in nmap

Posted on 2024-10-272024-10-27 by tmack

NMAP How to change user agent You can find the default value in /usr/share/nmap/nselib/http.lua (At the beginning of the file, a couple of lines after the comments) local USER_AGENT = stdnse.get_script_args(‘http.useragent’) or “Mozilla/5.0 (compatible; Nmap Scripting Engine; http://nmap.org/book/nse.html)” You can change the value with this line local USER_AGENT = stdnse.get_script_args(‘http.useragent’) or “Mozilla/5.0 (compatible; MSIE 9.0; Read More …

AuKill EDR Post

Posted on 2024-09-212024-09-05 by tmack

Summary AuKill is a malicious software, often used by ransomware groups, designed to disable endpoint detection and response (EDR) security solutions on a system, essentially allowing attackers to bypass security measures before deploying ransomware by terminating EDR processes using a vulnerable, outdated driver like the Process Explorer driver from Sysinternals; effectively “killing” the EDR functionality. Key points about Read More …

Mad about MFA?

Posted on 2024-09-052024-09-05 by tmack

Notes on “Paved Road”

Posted on 2024-09-012024-08-27 by tmack

Lessons from Securing Internal Applications WebappSec Link Building a Security Platform Engineering Team “”” I’m a big fan of building security into existing processes, a term coined as “secure paved roads” by Jason Chan, Ex-Netflix CISO. The idea behind this is that security should mostly be invisible. The average employee should simply not have to Read More …