Windows a file-less, persistent, local privilege escalation backdoor and detection approach
March 12, 2023, 6:36 a.m. | /u/digicat
For [Blue|Purple] Teams in Cyber Defence www.reddit.com
```cmd
sc.exe sdset scmanager D:(A;;KA;;;WD)
```
Setting the security descriptor on the service manager to allow anyone to start SYSTEM services! Will Blue notice this?? ;)
Detection with Velociraptor:
[https://github.com/Velocidex/velociraptor-docs/pull/531/commits/2b957311bd252dc8453c0cdf3b5acdba1e9fbd93](https://github.com/Velocidex/velociraptor-docs/pull/531/commits/2b957311bd252dc8453c0cdf3b5acdba1e9fbd93)
source: [https://twitter.com/Alh4zr3d/status/1629535208297975809?t=wryopPzbbLfEgYKV3cqA0g&s=19](https://twitter.com/Alh4zr3d/status/1629535208297975809?t=wryopPzbbLfEgYKV3cqA0g&s=19)
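A small auditing check to go with the detection link above, added here as an example and not part of the original post or of the Velociraptor artifact. The SDDL in the post grants `KA` (access mask 0x000F003F, which on the Service Control Manager equals SC_MANAGER_ALL_ACCESS and therefore includes SC_MANAGER_CREATE_SERVICE) to `WD`, the Everyone SID. The code parses the DACL portion of an SDDL string, such as the output of `sc.exe sdshow scmanager`, expands the rights tokens to an access mask, and reports any access-allowed ACE that gives create-service, WRITE_DAC, WRITE_OWNER or GENERIC_ALL rights to a principal other than SYSTEM or Administrators. The "default" descriptor embedded below is a constructed sample resembling what recent Windows builds return; compare it against your own hosts rather than treating it as authoritative. The choice of SY and BA as the only trusted principals is an assumption of this example.

```python
"""Flag SCM security-descriptor ACEs that widen who may create or control services.

Example added to this page; not from the original post or from Velociraptor.
Feed it the string printed by `sc.exe sdshow scmanager` on a host to audit.
"""
import re

# Two-letter SDDL rights tokens and the access-mask bits they expand to (SDDL grammar).
RIGHTS = {
    "GA": 0x10000000, "GX": 0x20000000, "GW": 0x40000000, "GR": 0x80000000,
    "SD": 0x00010000, "RC": 0x00020000, "WD": 0x00040000, "WO": 0x00080000,
    "CC": 0x0001, "DC": 0x0002, "LC": 0x0004, "SW": 0x0008, "RP": 0x0010,
    "WP": 0x0020, "DT": 0x0040, "LO": 0x0080, "CR": 0x0100,
    "KA": 0x000F003F,  # KEY_ALL_ACCESS; the same value as SC_MANAGER_ALL_ACCESS
}

# Object-specific meaning of the low bits when the descriptor belongs to scmanager.
SC_MANAGER_CREATE_SERVICE = 0x0002          # the 'DC' bit on the SCM
GENERIC_ALL, WRITE_DAC, WRITE_OWNER = RIGHTS["GA"], RIGHTS["WD"], RIGHTS["WO"]
DANGEROUS = SC_MANAGER_CREATE_SERVICE | GENERIC_ALL | WRITE_DAC | WRITE_OWNER

# Well-known SID abbreviations for readable output; SY/BA are the only trustees
# this example treats as expected holders of SCM control (assumption).
TRUSTEES = {
    "WD": "Everyone", "AU": "Authenticated Users", "BU": "Users", "IU": "Interactive",
    "AN": "Anonymous", "SU": "Service", "AC": "All Application Packages",
    "SY": "SYSTEM", "BA": "Administrators", "LS": "Local Service", "NS": "Network Service",
}
TRUSTED = {"SY", "BA"}

ACE_RE = re.compile(r"\(([^)]*)\)")
DACL_RE = re.compile(r"D:([A-Z]*)((?:\([^)]*\))*)")


def rights_to_mask(rights):
    """Convert an SDDL rights field (two-letter tokens or a 0x hex literal) to an access mask."""
    if rights.lower().startswith("0x"):
        return int(rights, 16)
    mask = 0
    for i in range(0, len(rights), 2):
        token = rights[i:i + 2]
        if token not in RIGHTS:
            raise ValueError(f"unknown rights token {token!r} in {rights!r}")
        mask |= RIGHTS[token]
    return mask


def parse_dacl(sddl):
    """Return the DACL's ACEs as (ace_type, flags, access_mask, trustee) tuples."""
    m = DACL_RE.search(sddl)
    if not m:
        return []
    aces = []
    for body in ACE_RE.findall(m.group(2)):
        fields = body.split(";")
        if len(fields) != 6:
            raise ValueError(f"malformed ACE: ({body})")
        ace_type, flags, rights, _obj, _inherit_obj, trustee = fields
        aces.append((ace_type, flags, rights_to_mask(rights), trustee))
    return aces


def find_scm_backdoors(sddl):
    """Return findings for access-allowed ACEs granting SCM control to untrusted principals."""
    findings = []
    for ace_type, _flags, mask, trustee in parse_dacl(sddl):
        if ace_type != "A" or trustee in TRUSTED:
            continue  # deny ACEs never widen access; SY/BA are expected
        granted = mask & DANGEROUS
        if not granted:
            continue
        why = []
        if granted & (SC_MANAGER_CREATE_SERVICE | GENERIC_ALL):
            why.append("can create services (SC_MANAGER_CREATE_SERVICE)")
        if granted & (WRITE_DAC | WRITE_OWNER | GENERIC_ALL):
            why.append("can rewrite the SCM security descriptor")
        name = TRUSTEES.get(trustee, trustee)
        findings.append(f"{name} ({trustee}) mask 0x{mask:08X}: " + "; ".join(why))
    return findings


# Constructed sample resembling a stock scmanager descriptor; verify against your own build.
SAMPLE_DEFAULT = ("D:(A;;CC;;;AU)(A;;CCLCRPRC;;;IU)(A;;CCLCRPRC;;;SU)(A;;CCLCRPWPRC;;;SY)"
                  "(A;;KA;;;BA)(A;;CC;;;AC)S:(AU;FA;KA;;;WD)(AU;OIIOFA;GA;;;WD)")
# The descriptor from the post.
SAMPLE_BACKDOOR = "D:(A;;KA;;;WD)"

if __name__ == "__main__":
    for label, sddl in (("default", SAMPLE_DEFAULT), ("backdoored", SAMPLE_BACKDOOR)):
        print(label, "->", find_scm_backdoors(sddl) or "no findings")
```

On a live host, pipe the output of `sc.exe sdshow scmanager` into `find_scm_backdoors`; a non-empty result means someone other than SYSTEM or Administrators can register services on the box, which is worth an alert regardless of how the descriptor got that way.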