https://support.microsoft.com/en-us/topic/kb5021131-how-to-manage-the-kerberos-protocol-changes-related-to-cve-2022-37966-fd837ac3-cdec-4e76-a6ec-86e67501407d
https://techcommunity.microsoft.com/t5/sysinternals-blog/sysmon-v15-0-autoruns-v14-1-and-process-monitor-v3-95/ba-p/3857916
Sysmon v15.0: This update to Sysmon, an advanced host security monitoring tool, sets the service to run as a protected process, hardening it against tampering, adds a new event, FileExecutableDetected, for when new executable images are saved to files, and fixes a system hang occurring in certain sit...
https://github.com/CMEPW/BypassAV
This map lists the essential techniques to bypass anti-virus and EDR
https://github.com/LaresLLC/SysmonConfigPusher
Pushes Sysmon Configs.
https://techcommunity.microsoft.com/t5/windows-it-pro-blog/latest-windows-hardening-guidance-and-key-dates/ba-p/3807832
Hardening is a key element of our ongoing security strategy to help keep your estate protected while you focus on your job. Increasingly creative cyberthreats target weaknesses anywhere possible, from the chip to the cloud. Have you seen our publications on hardening on the Windows message center? S...
https://www.youtube.com/watch?v=xvth9Zb1_ug
Mimikatz is a widely known and used tool in the offensive security scene, and also a nightmare for people in defensive security. Malware and ransomware devel...
https://github.com/Kudaes/EPI
Process injection through entry points hijacking.
https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-signing-and-guest-authentication/ba-p/3846679
Heya folks, Ned here again. We recently made SMB signing the default in Windows Insider Enterprise client builds. In doing so, we were quickly reminded of a consequence from an old unsafe SMB behavior that some folks still use: guest authentication. Today I'll explain all this and give you the steps...
@m8urn
@infosec.pub