Hi there, I just started my own blog to share some of my research. The first two posts are disclosed vulnerability reports affecting #wordpress plugins for which it got assigned CVE-2022-3558 and CVE-2022-3634 a few months ago. virtualsamuraii.github.io/vulns/

Salut salut, Voici un premier article que j’ai pondu pour décrire de manière très vulgarisée ce qu’est concrètement un EDR. J’ai pris #SentinelOne en exemple car il est considéré comme étant l’un des leaders. virtualsamuraii.github.io/redteam/anatom… #redteam #maldev

Hello, Voici la partie 2 de la série d’articles Anatomie des EDR. Cette fois ci, on va voir le fonctionnement des drivers d’un EDR avec plus de détails (kernel, callbacks, minifilters, etc). virtualsamuraii.github.io/redteam/anatom… #redteam #maldev #edr #blueteam

Salut, shalom, salam camarades. Voici la 3eme partie de la série « Anatomie des EDR ». Cette fois ci, on va voir les processus, services, PPL et clés de registre Windows, utilisés par un EDR. virtualsamuraii.github.io/redteam/anatom… #redteam #windows #edr #maldev

I've just started a blog on #maldev and #redteaming. Nothing fancy yet, just me trying to see if I've understood correctly. The first post is about a custom version of GetModuleHandle and GetProcAddress in #go. Check it out: blog.atsika.ninja/posts/custom_g…

Collector celui là HZV

Hello world 👋 In 2022, Narek Kay and I studied an APT named Serpent Group that has been discovered by Proofpoint and VMware TAU. This threat actor targeted numerous french government entities during the 2022 presidential campaign. We reproduced their TTPs and came up

OSINT : Certaines entreprises divulguent des informations bien trop précieuses dans leurs offres d'emploi. C'est par exemple le cas ici, l'entreprise en question donne même la marque de son EDR. Ceci peut aider les attaquants à développer des malwares (implants, loaders,

Salut 👋🏼 Voici un petit article qui explique comment il est possible de personnaliser des outils publics pour contourner les antivirus. Ici, il s’agira de personnaliser l’agent Apollo du C2 Mythic pour contourner Windows Defender. virtualsamuraii.github.io/redteam/custom…

Hey there 👋🏼 I have been using an Ansible playbook to deploy a phishing server on a cloud instance for my engagements. Thought it might be useful for cyber security professionals out there. github.com/VirtualSamurai…

I did a DNS resolution on more than 4 million domain names with the .fr TLD Result: around 3.5 million domains might be spoofed by attackers because they don't have a DMARC record (let alone an SPF record). Domains belonging to companies such as Microsoft are also vulnerable.

🛜 Hackers sometimes gain access to a company's Wi-Fi network. In this blog post, we share some insights about a Wi-Fi (WPA2-Enterprise) penetration test that we conducted for an organisation. cyberwave.network/test-dintrusio…

During a Red Team engagement, one must be aware of every action, even when it comes to Wi-Fi testing. Sometimes, we have to send "deauthentication" packets to authenticated devices using tools like Aireplay-ng, in an attempt to capture a handshake and access the targeted network