Kostas's banner
Kostas's profile picture

Kostas

@Kostastsale19,822 subscribers

I like building things that solve real problems, working across cybersecurity, product, and research | 🇬🇷🇨🇦

Shorts

Sometimes the call comes a little too late and you gotta do what you gotta do 😂

Sometimes the call comes a little too late and you gotta do what you gotta do 😂

11,535 次观看

I came across a great persistence mechanism and created a Sigma rule for it. Just drop your batch script or add a line that points to your payload inside C:\Windows\Setup\Scripts\ErrorHandler.cmd, and upon execution of C:\Windows\System32\oobe\Setup.exe, the payload will run. In the clip below, I have cmd.exe /c calc.exe as the payload. If ErrorHandler doesn't exist, you can create it along with the directory. Thanks to @Hexacorn for posting about it 🙏 In regards to the rest binaries under the C:\Windows\System32\oobe\ directory, most of them will not work, whereas others will force a restart (i.e. audit.exe) 🔗:

I came across a great persistence mechanism and created a Sigma rule for it. Just drop your batch script or add a line that points to your payload inside C:\Windows\Setup\Scripts\ErrorHandler.cmd, and upon execution of C:\Windows\System32\oobe\Setup.exe, the payload will run. In the clip below, I have cmd.exe /c calc.exe as the payload. If ErrorHandler doesn't exist, you can create it along with the directory. Thanks to @Hexacorn for posting about it 🙏 In regards to the rest binaries under the C:\Windows\System32\oobe\ directory, most of them will not work, whereas others will force a restart (i.e. audit.exe) 🔗:

17,501 次观看

Videos

LIVE
1.2k

Anya Rossi

sweetdream.ai

SweetDream.aiSponsoredLivecam
Streaming Now

Watch Anya Live

Anya is streaming live right now! Join her private show and enjoy exclusive content.

HD live stream
Exclusive private shows
1.2k viewers online

Free preview available • Premium content

I created the first draft of a website for the EDR telemetry project to help people quickly compare vendor telemetry visibility. What do you think about it? Are there any specific features you want to see for the website? Built with ChatGPT 4o with canvas (wanted to test it out😂) EDR Telemetry project 🔗:
0:30
Kostastsale's profile picture

I created the first draft of a website for the EDR telemetry project to help people quickly compare vendor telemetry visibility. What do you think about it? Are there any specific features you want to see for the website? Built with ChatGPT 4o with canvas (wanted to test it out😂) EDR Telemetry project 🔗:

Kostas

140,482 次观看 • 1 年前

Enjoy your weekend yall 😅
0:27
Kostastsale's profile picture

Enjoy your weekend yall 😅

Kostas

34,595 次观看 • 6 个月前

It’s time! We’re slowly opening the gates to the Threat Hunting Labs for everyone who registered. Watch your inbox.
0:43
Kostastsale's profile picture

It’s time! We’re slowly opening the gates to the Threat Hunting Labs for everyone who registered. Watch your inbox.

Kostas

18,866 次观看 • 4 个月前

A Day in the Life of a CISO
0:36
Kostastsale's profile picture

A Day in the Life of a CISO

Kostas

65,448 次观看 • 2 年前

没有更多内容可加载