Views: 4,999
In this week's red team tip, I show how to bypass Palo Alto Networks Cortex XDR. Much of this was inspired by what mrd0x released last year. Some major changes in XDR have made many methods not opsec-safe. They also added obfuscation to some of the values.
Mrd0x Research:
mrd0x.com/cortex-xdr-analysis...
LaokoonSecurity Cortex XDR Extractor:
github.com/Laokoon-SecurITy/C...
My fixed fork of Cortex XDR Extractor:
github.com/BriPwn/Cortex-XDR-...
00:00 Introduction
00:57 Generating the Support File
01:53 Registry key bypass reg.exe
03:15 Registry Editor Method
05:12 Cytool
05:59 CortexXDRConfigExtractor
07:52 Hash and Salt Extraction
11:38 Cracking the Uninstall PW
13:00 Using Cytool to Disable XDR
15:24 Outro