Blog

This is the recorded session I delivered during a Hack In The Box SecTrain 2021 Free Workshop.
If you are looking to get into the threat hunting domain and want to learn more about how to get network and OS visibility/telemetry needed for advanced detection and threat hunting with Open Source / free tools, then this session is for you.

Read now

KRF - a Kernelspace Randomized Faulter is a tool that rewrites the Linux / FreeBSD system call table. It consists of krfx kernel module, the krfctl userspace tool, some binary examples, and krfmesg that allows for logging a faulting status. When configured via krfctl, KRF replaces faultable syscalls with thin wrappers where we could inject our malicious code. Each wrapper then performs a check to see whether the call should be faulted using a configurable targeting system capable of targeting a specific personality(2), PID, UID, and/or GID. If the process shouldn't be faulted, the original syscall is invoked. In the end, the targeted call is faulted via a random failure function. For example, a getcwd() call might receive one of ERANGE, ENAMETOOLONG, EACCES, ENOMEM, EFAULT, ENOENT, and so on. Let's see how we could run this nice persistence technique against Linux boxes.

Read now

PurpleLABS is a dedicated, virtual infrastructure for detecting and analyzing the behavior of attackers in terms of the techniques, tactics, procedures, and used offensive tools. The environment is to serve the continuous improvement of competences in the field of threat hunting and learning about current trends from offensive scope (red-teaming) vs direct detection perspective (blue-teaming). By providing high-quality training materials with the lab environment in a scalable online format, we want to enable businesses to improve the detection capacity of their SOC teams and achieve better visibility and resistance to attacks. The active participation of your organization's security team in PurpleLabs will allow you to:

Read now

PurpleLABS to dedykowana, wirtualna infrastruktura do przeprowadzania detekcji i analiz zachowania atakujących pod kątem wykorzystywanych technik, taktyk, procedur oraz narzędzi ofensywnych. Środowisko służyć ma stałemu podnoszeniu kompetencji w zakresie wyszukiwania zagrożeń (threat hunting) oraz poznawania aktualnych trendów działań ofensywnych (red teaming) w bezpośrednim ujęciu detekcyjnym (blue teaming). Poprzez udostępnienie wysokiej jakości materiałów szkoleniowych wraz ze środowiskiem laboratoryjnym w skalowalnym formacie online chcemy umożliwić biznesowi poprawę zdolności detekcyjnej ich zespołów SOC oraz uzyskanie lepszej widoczności i odporności na ataki. Aktywny udział zespołu bezpieczeństwa danej organizacji w programie PurpleLabs pozwoli na:

Read now