25 October 2017

windows reactivation slmgr

slmgr -rearm

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform
-> "SkipRearm"=dword:00000000
Just change 00000000 to 00000001. (After 3 rearms, the Windows 7 Rearm key changes back to 00000000, so we have to change the value to enable rearm once again.)

11 October 2017

fire eye

Mandiant: in 46% of incidents, no malware is installed.

100% of attacks steal credentials.


Attack lifecycle:
-Initial Recon
-Initial Compromise(laptop, end user device)
-Establish Foothold
-Escalate Privileges
-Internal Recon
-Complete Mission (data theft) (only here is there business impact.)

Prevention:
-Malware problem
-Endpoint EPP
-Tactical Intelligence
-MSSP

Detection Breach
-First attack is usually malware, but after the breach, a human attacker.
-Endpoint Detection and Response (EDR)
-Operational Threat Intelligence
-MDR, Managed Detection and Response




Fin7
mimikatz
gizmodo
doubleagent

02 October 2017