🇫🇷🎙️ Nouvel épisode du podcast Hack'n Speak avec Maxime Meignan & Qazeer pour parler de leur outil EDRSandBlast 🚀 Une interview un peu plus technique que d'habitude où l'on parle du fonctionnement d'un EDR et des mécanismes de contournement 🔥 Bonne écoute 🎶anchor.fm/hacknspeak

You enjoyed the awesome EDRSandblast tool of Maxime Meignan and Qazeer and want to know more about the vulnerability used in the MSI AfterBurner driver to play in the kernel mode ? Go check the vulnerability analysis done by hfiref0x swapcontext.blogspot.com/2020/01/unwind…

I'm extremely proud to announce Wavestone speaking engagements at BSides Las Vegas DEF CON & more, and it doesn't fit in a tweet (far from it, actually), so a 🧵:

Hey, do you like tokens? Have you always wanted to "harvest" tokens for offensive purposes? If so check out my new post posts.specterops.io/koh-the-token-… where I show I can (finally) write a technical post without memes, and then check out the Koh toolset at github.com/GhostPack/Koh

Actually good question, let's start with obviously wrong answers and see where they lead us. A thread 🧵

A promise is a promise: the slides from the #DEFCON30 DemoLabs Qazeer and I presented about EDRSandblast are uploaded on GitHub (github.com/wavestone-cdt/…), along with the latest version of the tool! Check out the list of new features in the slides, documentation is on its way ;)

#Podcast #Cybersécurité Épisode #387 consacré à l'outil de contournement des EDR, "EDR Sandblast", avec Maxime Meignan et Qazeer nolimitsecu.fr/edrsandblast/

🚩 Wavestone France CTF team #YoloSw4g ranks first of 80+ teams at #CyberEx23! 🚩 Thanks INCIBE and OEA Ciberseguridad for the organization & challenges! 🚩 Congratz to Qazeer Maxime Meignan and Dlvl François for the great team we've been for the last 8 hours, now we go to a well-deserved sleep!

Forget vulnerable drivers - Admin is all you need Article 👉 elastic.co/security-labs/… 👇 Demo - enable sound 🔊

How to disable some parts of EDR’s telemetry on Windows 10? Just ask nicely! See riskinsight-wavestone.com/en/2023/10/a-u… for more info about an interesting logic bug we found on Win10 that affects all EDRs 😉

What a glorious day for Incident Responders around the world! Premium audit events in Microsoft 365 are now available to non-premium users. 🚨Action for you: - Check your mailbox audit settings, details in the blog: techcommunity.microsoft.com/t5/security-co…

I recently co-authored a Unit 42 blog about a unique IR case in which a threat actor’s custom EDR bypass (using #BYOVD) exposed their toolkit, methods, and even identity. Check out how we unmasked them through an opsec slip-up! #dfir unit42.paloaltonetworks.com/edr-bypass-ext…