Blog

Updating the HackRF One’s firmware

Instructions might be a bit unclear on how to upgrade the HackRF’s firmware, so here’s a short step-by-step guide.
1. Download your appropriate HackRF release: https://github.com/mossmann/hackrf/releases/
2. Extract: tar -xvf hackrf-2017.02.1.tar.xz
3. Open up the folder containing the firmware: cd hackrf-2017.02.1/firmware-bin/
4. Update the SPI flash: hackrf_spiflash -w hackrf_one_usb.bin
5. Update the CPLD: hackrf_cpldjtag -x hackrf_cpld_default.xsvf
6. Press the reset button and let it […]

Blog Tips & Tricks

Detecting if Volume Shadow Copies has been explicitly disabled through registry

Ransomware is very fond of disabling Volume Shadow Copies when infecting targets. Here is a script to remotely detect if Volume Shadow Copies has been disabled. First, we use PsExec from Microsoft Sysinternals and a local reg query command. This is useful if you only have a list of IP addresses, not hostnames of the […]

Blog Tips & Tricks

Mapping attack surface for Ransomware / Cryptolocker

With all the ransomware hitting everyone, everywhere, I decided to share my scripts on how I map the attack surface of internal threats, and subsequently ransomware / cryptolocker. It is not fully automated yet, but hopefully sharing this will give people the right ideas, and perhaps some might even automate it. For now, this only […]

Blog Tips & Tricks

Using PowerShell to fetch file hashes with multiple algorithms

You might need to check file hashes across multiple directories and across multiple algorithms, e.g. verifying all files' hash sums against both MD5 and SHA1. This is an example of how to accomplish such a task using PowerShell. The command you run is: gci -Recurse | select FullName | […]

Blog Tips & Tricks

Remotely lock a computer, and prevent them from logging back in

Sometimes you have to throw someone off a terminal, but at the same time preserve the evidence on the terminal. For example, if someone is using a terminal to hack something, and you need to secure the running terminals to capture the commands that have been run. It is quite simple to accomplish this, as […]
