- LSASS Dump Attacks: Protected Process Dumper Tool
In this week’s Defend(er) Against, we are going to look at the project called PPLBlade by tastypepperoni, where the objective is to bypass Protected Process Light (PPL) to avoid Windows Defender’s process dumping detections. You can find the project that we are discussing right here: GitHub – tastypepperoni/PPLBlade: Protected Process Dumper Tool. Facts up front: Timeline:…
- Properly Configure MDE for Windows
Now that you know what this blog is all about, let’s get right into it! In this first Threat Discussion blog, we’re going to look at what a well-configured device looks like to combat today’s threats. We’ll walk through the settings this lab device will have configured to give us a strong security posture.…
- LSASS Dump Attacks: Protecting against OmriToolZ
In this week’s Defend(er) Against, we are going to look at the project called OmriToolZ, another LSASS dumping tool. This project can be found here – https://github.com/OmriBaso/RToolZ. Let’s go see what within the MDE stack steps up to it. Summary up front: Okay, let’s get into it. I want to focus on the 3rd method…