Red Team Tips: Updated PaloAlto XDR Bypass
Рет қаралды 4,999
Күн бұрынIn this week's red team tip, I show how to bypass Palo Alto Networks Cortex XDR. Much of this was inspired by what mrd0x released last year. Some major changes in XDR have made many methods not opsec safe. They also added obfuscation to some of the values.
Mrd0x Research:
mrd0x.com/cortex-xdr-analysis...
LaokoonSecurity Cortex XDR Extractor:
github.com/Laokoon-SecurITy/C...
My fixed fork of Cortex XDR Extractor:
github.com/BriPwn/Cortex-XDR-...
00:00 Introduction
00:57 Generating the Support File
01:53 Registry key bypass reg.exe
03:15 Registry Editor Method
05:12 Cytool
05:59 CortexXDRConfigExtractor
07:52 Hash and Salt Extraction
11:38 Cracking the Uninstall PW
13:00 Using Cytool to Disable XDR
15:24 Outro
@laokoonsecurity Жыл бұрын
Thanks for presenting this tool we created! We appreciate it!
@CyberAttackDefense Жыл бұрын
You bet!
@crash9706 Жыл бұрын
Best content out there. Keep it coming :D
@CyberAttackDefense Жыл бұрын
More to come! Thanks for watching
@dacheletjulien6834 4 ай бұрын
Hi and thanks a lot for your amazing job! I got a question about the hashcat command, what is the best syntax to bruteforce the hash ? thanks a lot
@redz24 Жыл бұрын
You should be able to use a debugger like x64dbg to bypass the password check so you don't need to crack that hash
@CyberAttackDefense Жыл бұрын
Interesting. I haven't tried that method. I will give it a shot.
@redz24 Жыл бұрын
@@CyberAttackDefense it's worked in the past against CrowdStrike. Just using common software cracking techniques
Cyber Attack & Defense
Рет қаралды 4,4 М.
Hack In The Box Security Conference
Рет қаралды 14 М.
Cyber Attack & Defense
Рет қаралды 12 М.
Cyber Attack & Defense
Рет қаралды 2,4 М.
Rj Mobile 01
Рет қаралды 8 МЛН
Tokparty
Рет қаралды 1,9 МЛН