Last update: 25 September 2022

ALPHA THREAT BLOGS

An exemplary learning community

HUNT THREATS WITH PC HUNTER

PCHunter is a toolkit with access to hundreds of settings, including kernels and kernel modules, processes, network, startup, etc. This blog explores its features and how they can be used in your threat hunting process. A free and practical toolkit for Windows, PCHunter anti-rootkit has a number of potent tools for inspecting and manipulating...

Decoding the /proc/<PID>/net/tcp

The Linux concept of 'Everything is a file' is a very helpful one. This post shares details of how an attacker can read the network statistics even if commands like 'netstat' and 'lsof' are not available. /proc is a virtual file system that is created each time a system boots and is dissolved during shutdown. The directory /proc contains (among...

SQLMAP TAMPER SCRIPTS

Sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. This blog explains the various tamper scripts and their usage. Credits to the original author for compiling this. TAMPER SCRIPT | TESTED AGAINST | NOTES / TIPS: apostrophemask | UNIVERSAL | NOT DESCRIBED...

REGISTRY AND MALWARE PERSISTENCE

This post describes the persistence techniques malware uses today via Registry entries. Malware has been an interesting topic of research since the very first computer virus, called "Brain", was developed. Malware development has evolved tremendously since then. Our team observes new strains of virus samples every day....

DATA EXFILTRATION with PING

In this post we dive deep into the ICMP protocol and use it to exfiltrate data without any external tool. Before we get into the technical details, let us quickly brush up on the theory. ICMP: ICMP stands for Internet Control Message Protocol. It is a network layer protocol used by network devices to diagnose network communication...

HIDING YOUR BACKDOOR FROM DETECTION

This post explains a very simple technique to hide a backdoor from native tools like netstat, ps and lsof. This article assumes the attacker has already gained root access to a machine and is now planning to plant a hidden backdoor. There are many methods to achieve this, such as installing a rootkit, port knocking, etc., but in...