Some time ago we received a phishing e-mail that easily bypassed Microsoft Exchange Online Protection (EOP) and a third-party e-mail sandbox solution. The technique was an old one, but it was still effective.
Author Archives → andx86
Deny delete permissions on a folder
Sometimes, when you are dynamically analysing a malware sample that creates files and then deletes them, denying the delete permission on one specific folder can be useful: the dropped files stay on disk for inspection instead of being cleaned up by the sample.
Enabling Netlogon debug mode
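The following is an added example, not code from the original post: a PowerShell snippet that puts a Deny ACE on a drop folder and then checks that a file created inside it can no longer be removed. The folder path `C:\Sandbox\Drop` and the probe file name are assumptions for the example.

```powershell
# Added example (not from the original post): deny Delete on a sandbox drop folder so that
# files a sample creates and later deletes survive on disk. The folder path is an assumption.
$DropFolder = 'C:\Sandbox\Drop'

function Set-NoDeleteFolder {
    param([Parameter(Mandatory)][string]$Path)

    New-Item -ItemType Directory -Path $Path -Force | Out-Null
    $acl = Get-Acl -Path $Path

    # A file can be deleted either with DELETE on the file itself or with
    # FILE_DELETE_CHILD on its parent folder, so both rights must be denied.
    $rights = [System.Security.AccessControl.FileSystemRights]::Delete -bor
              [System.Security.AccessControl.FileSystemRights]::DeleteSubdirectoriesAndFiles

    # Deny for Everyone (S-1-1-0); the ACE inherits to sub-folders (CI) and files (OI),
    # so the inherited Deny Delete also blocks rename/move of the dropped files.
    $everyone = New-Object System.Security.Principal.SecurityIdentifier('S-1-1-0')
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $everyone, $rights,
        [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit',
        [System.Security.AccessControl.PropagationFlags]::None,
        [System.Security.AccessControl.AccessControlType]::Deny)
    $acl.AddAccessRule($rule)
    Set-Acl -Path $Path -AclObject $acl
}

function Test-NoDeleteFolder {
    param([Parameter(Mandatory)][string]$Path)

    # Simulate the sample: create a file, then try to delete it as the current user.
    $probe = Join-Path $Path 'probe.tmp'
    Set-Content -Path $probe -Value 'dropped by sample' -Force
    try {
        Remove-Item -Path $probe -Force -ErrorAction Stop
    } catch {
        # "Access to the path is denied": the file survives the sample's clean-up
    }
    # $true when the ACL is in effect and the probe file is still there
    return (Test-Path -Path $probe)
}

Set-NoDeleteFolder -Path $DropFolder
Test-NoDeleteFolder -Path $DropFolder
```

The same ACE can be set from a command prompt with `icacls C:\Sandbox\Drop /deny *S-1-1-0:(OI)(CI)(DE,DC)`. Two caveats: run the sample as a standard user, because a process holding WRITE_DAC or take-ownership rights (an elevated administrator) can simply rewrite the ACL, and remember that the sample will see "access denied" on its own delete calls, which a cautious sample may treat as a sign of analysis.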
Some time ago I had to investigate a case in which a lot of failed logon events were being received on the Domain Controller of a public organization (apparently a brute-force attack). The events did not show which machine the logons were coming from: in some cases they showed the name of the source machine and in others they did not.
Deobfuscating a PowerShell payload of Cobalt Strike
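As an added example, not from the original post: enabling Netlogon debug logging on the DC with `nltest /dbflag` and then summarising the failed `SamLogon` entries in `%windir%\debug\netlogon.log` per source machine. The `netlogon.log` lines below are constructed for the example (the domain `CORP`, the hosts `WKS-FIN01`, `FS01` and `WEB01`, and the accounts are made up); the line layout follows the format Netlogon writes, where `from X` is the workstation name the client reported (blank for some logon types) and `(via Y)` is the member server that forwarded the pass-through logon to the DC.

```powershell
# Added example (not from the original post): turn on Netlogon debug logging on a DC and
# summarise failed logons per source machine. Sample log lines are constructed.

function Enable-NetlogonDebug {
    # 0x2080FFFF is the verbose flag set Microsoft documents for troubleshooting; nltest
    # writes it to HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\DBFlag.
    nltest /dbflag:0x2080ffff | Out-Null
    Restart-Service -Name Netlogon
}

function Disable-NetlogonDebug {
    nltest /dbflag:0x0 | Out-Null
    Restart-Service -Name Netlogon
}

# "MM/DD HH:MM:SS [LOGON] [pid] DOMAIN: SamLogon: <type> logon of DOMAIN\user from WKS (via SRV) Returns 0x..."
$SamLogonPattern = '^(?<ts>\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \[LOGON\].*?SamLogon: (?<type>.+?) logon of (?<account>\S+) from (?<src>\S*)\s*(?:\(via (?<via>\S+)\))?\s*Returns (?<status>0x[0-9A-Fa-f]+)\s*$'

function Get-NetlogonFailures {
    param([Parameter(Mandatory)][string[]]$Lines)

    foreach ($line in $Lines) {
        if ($line -notmatch $SamLogonPattern) { continue }
        if ($Matches.status -eq '0x0') { continue }   # successful logon, not interesting here
        [pscustomobject]@{
            Time    = $Matches.ts
            Type    = $Matches.type
            Account = $Matches.account
            # Blank when the client did not report a workstation name (the case in the post)
            Source  = if ($Matches.src) { $Matches.src } else { '<not reported>' }
            Via     = $Matches.via      # server that forwarded the logon; narrows the search
            Status  = $Matches.status.ToUpper()   # 0xC000006A bad password, 0xC0000064 no such user, 0xC0000234 locked out
        }
    }
}

function Get-BruteForceSources {
    param([Parameter(Mandatory)][string[]]$Lines, [int]$Threshold = 3)

    Get-NetlogonFailures -Lines $Lines |
        Group-Object -Property Source |
        Where-Object { $_.Count -ge $Threshold } |
        ForEach-Object {
            [pscustomobject]@{
                Source   = $_.Name
                Failures = $_.Count
                Accounts = ($_.Group.Account | Sort-Object -Unique) -join ','
                Via      = ($_.Group.Via | Where-Object { $_ } | Sort-Object -Unique) -join ','
            }
        } |
        Sort-Object -Property Failures -Descending
}

# Constructed sample lines in netlogon.log format (not real data).
$SampleLog = @(
    '06/14 10:23:44 [LOGON] [1452] CORP: SamLogon: Network logon of CORP\jdoe from WKS-FIN01 (via FS01) Returns 0xC000006A'
    '06/14 10:23:45 [LOGON] [1452] CORP: SamLogon: Network logon of CORP\admin from WKS-FIN01 (via FS01) Returns 0xC000006A'
    '06/14 10:23:45 [LOGON] [1452] CORP: SamLogon: Network logon of CORP\svc_backup from WKS-FIN01 (via FS01) Returns 0xC0000064'
    '06/14 10:23:46 [LOGON] [1452] CORP: SamLogon: Transitive Network logon of CORP\jdoe from  (via WEB01) Returns 0xC000006A'
    '06/14 10:23:47 [LOGON] [1452] CORP: SamLogon: Transitive Network logon of CORP\jdoe from  (via WEB01) Returns 0xC000006A'
    '06/14 10:23:47 [LOGON] [1452] CORP: SamLogon: Network logon of CORP\jdoe from WKS-FIN01 (via FS01) Returns 0x0'
)

Get-BruteForceSources -Lines $SampleLog -Threshold 2 | Format-Table -AutoSize

# On the DC, after Enable-NetlogonDebug has been running for a while:
# Get-BruteForceSources -Lines (Get-Content "$env:windir\debug\netlogon.log")
```

Even when `from` is blank, the `(via ...)` server tells you which member server (a web or file server the attacker is authenticating to) is forwarding the attempts, which is usually enough to pull that server's own logs and find the real client. Verbose Netlogon logging is noisy and the log rotates at its size limit (`MaximumLogFileSize` under the same Parameters key, `netlogon.bak` keeps one previous copy), so collect the file promptly and run `Disable-NetlogonDebug` when the investigation is over.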
On January 27th 2023 the Chilean government CSIRT disclosed IOCs of a failed intrusion into an entity related to the economic sector in Chile. What was published consisted of one hash (MD5) and two IPv4 addresses. In this post we review this data and try to get more information about the threat.
Hello world!
Welcome to andx86.com. First post coming soon!