Windows Defender – Enumeration via Pervasive Mechanisms

Microsoft recently released Windows Defender signatures that block ALL files that can open or execute (such as .lnk, .pdf or .txt) whose name contains the word “Invoke-Mimikatz”. If you tried to open a blank text file called “Invoke-Mimikatz.txt”, it would be flagged as a Trojan! You might ask “What is Mimikatz?” …
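A quick way to check whether this name-based detection fires on your own machine, as an added example that is not part of the original post. It assumes Windows Defender is the active antivirus; whether anything is flagged depends on the signature set installed when you run it, so a clean result only means the current signatures no longer match the name.

```powershell
# Added check, not from the original post: does Defender react to the file *name*
# "Invoke-Mimikatz" alone? The file is created empty, so there is no content to match.
$path = Join-Path $env:TEMP 'Invoke-Mimikatz.txt'

# Zero-byte file; -Force overwrites a leftover from an earlier run.
New-Item -Path $path -ItemType File -Force | Out-Null

# Real-time protection normally scans on create/open; an explicit on-demand scan of the
# single path covers the case where real-time protection is disabled or slow to react.
Start-MpScan -ScanType CustomScan -ScanPath $path

# Look for a detection whose resource list names our path. Resources entries look like
# "file:_C:\Users\...\Invoke-Mimikatz.txt", so match on the regex-escaped path.
$hits = @(Get-MpThreatDetection |
    Where-Object { ($_.Resources -join ' ') -match [regex]::Escape($path) } |
    Sort-Object InitialDetectionTime -Descending)

if ($hits.Count -gt 0) {
    # ThreatID is Defender's numeric threat identifier; Get-MpThreat resolves it to the
    # signature name (the Trojan name the post refers to).
    $hits | Select-Object InitialDetectionTime, ThreatID, ActionSuccess, Resources | Format-List
    Get-MpThreat -ThreatID $hits[0].ThreatID | Select-Object ThreatName, SeverityID
} else {
    "No detection recorded for $path with signature version $((Get-MpComputerStatus).AntivirusSignatureVersion)"
}

# Tidy up if Defender did not quarantine or remove the file itself.
if (Test-Path $path) { Remove-Item $path -Force }
```

Run it from an elevated PowerShell session; the Defender cmdlets (Start-MpScan, Get-MpThreatDetection, Get-MpThreat, Get-MpComputerStatus) ship with Windows and need no extra module.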

Cloud storage virus scanning issue

Recently I was retrieving some x86 executables from the cloud storage platform “Google Drive” and realised there was a nice little disclaimer: “(270M) is too large for Google to scan for viruses. Would you still like to download this file?” (Google Drive). This worried me because it raises the question; …

Access Denied Information gathering thought

In today’s security-aware age, it’s important to reflect on past mitigations and see if we can improve them. Whilst doing recon on this WordPress install I realised that my nginx installation was returning very identifiable responses to directory traversal and directory fuzzing attacks, in that it would respond …

ABS 2016 Australian Census Attack Problem

So when attempting to fill out the recent census this year, lo and behold, it’s non-responsive. What was more aggravating was when checking social media sources, people were handing off the Bureau’s explanation, citing Arbor’s LAYER 4 ATTACK MAP and criticising ABS for foul play…. Census is a layer …

Diagnosing and Mitigating Layer 7 (Application Layer) Distributed Denial of Service Attacks (Microcache/F2B/PHP5-FPM)

So, recently I began researching ways of hosting a CMS-controlled site manually to cope with a high legitimate request load or a Layer 7 DDoS attack (Application Layer of the OSI Model). I have been the recipient of such attacks before, which instantly gave out the “Resource Limit Exceeded” …