Sass, David

@sassdawe@infosec.exchange
331 Followers
361 Following
4.3K Posts

Black Lives Matter

Dreamer | Speaker | Legend | SRE | MCT | Shadow Architect

Pronouns: He/him/his

Skills: VB better than PowerShell

Have we met?

GitHub: https://github.com/sassdawe
Blog: https://kolislab.com
Sessionize: https://sessionize.com/david-sass/
Links: https://davidsass.io
ok well you don't have to make it personal

18 Rules of Software Engineering.

#dev #developer #programmer #software #engineering

Had a nightmare last night that you could drag and drop chats in Teams into other chats, and it would just insert the messages in the appropriate time stamp locations.
I'm awake and ready to make that a problem. Happy Friday.
holy shit, my templates load.
Originally posted: November 15, 2014
👷 After 15 years of entrepreneurship and a few months of sabbatical I'm looking for a regular old job.

My ideal role would be primarily technical, aimed to dissect software to uncover vulnerabilities. Beyond bug mining I'd love to learn to mine better and make new kinds of pickaxes.

My public works and contact info are on my homepage:

https://scrapco.de

Get in touch if you want to know more!

Boosts are appreciated! #FediHire

Long before the internet, some phone networks were hackable by playing a single tone at 2600Hz.

Whistled into a phone, it could grant you unrestricted access. Do you have the vocal chops to be an old-school phone phreak?

I built a web app to test your ability to produce the legendary frequency. You won't get free long distance calls but you will get some honor in the knowledge that you could have been a cool hacker. 😎

I am sad to say that I can only whistle up to 1100Hz... But my wife (a long time woodwind player) is able to consistently get it.

Give it a try: https://phreak.kmcd.dev/

#phreaking #2600Hz #bluebox #RetroComputing #hacker #infosec #Tech


I successfully tested a LSASS dumping technique on a Windows 10 lab machine, which we encountered on a recent Incident Response engagement (no EDR, default Defender installed).

The "MiniDumpWriteDump" technique, as described here [1], was successful in writing the LSASS process to disk.

However, as soon as I tried to copy the dump to my Kali machine, Defender jumped into action, prohibited access to the LSASS dump, and moved the file to quarantine. And here is the catch.

I browsed to the following folder:
C:\ProgramData\Microsoft\Windows Defender\Quarantine

In the ResourceData folder, you will find different sub-folders (or not, if Defender never quarantined anything on that host), each folder containing a quarantine file.

The files are encrypted with a static key that leaked years ago, and this 10-year-old code snippet is still sufficient to decrypt the files back to their original state. [2]

Long story short: I copied the encrypted file to my Kali machine, decrypted it using the Python code from [2], and extracted the credentials and hashes with pypykatz. [3]

Classic example of "No, it's not enough when your AV blocked or removed a threat". As you can see, an attacker can easily get the LSASS dump, even if Defender removed it from the disk ¯\_(ツ)_/¯

[1] https://www.ired.team/offensive-security/credential-access-and-credential-dumping/dumping-lsass-passwords-without-mimikatz-minidumpwritedump-av-signature-bypass
[2] https://raw.githubusercontent.com/malmoeb/DFIR/refs/heads/master/quarantine.py
[3] https://github.com/skelsec/pypykatz