About tech_noob

This one will find password on command line argument, you will be surprised if you find a clear text password on this query   dataset = xdr_data | filter actor_process_command_line = "*pass*" ... View more

We now use XDR Pro. We recently had an internal pen test, XDR detected port scanning, etc., but it did not detect and prevent nbns spoofing with Kali responder, some hash was captured but luckily they were not able to crack them. I ran responder on the same lan where I have a windows 10 with XDR pro. I rebooted Windows 10 and I was able to capture hashes with Kali responder. I looked a the XDR logs but I am having a hard time finding IOC/BIOC for detecting responder..any thoughts on this? Thanks. ... View more

We now use Cortex XDR pro. We recently had had a  pen test internal audit, XDR detected port scanning etc. but it did not detect kali linux responder/nbns spoofing. Security auditor captured hashes but luckily they were not able to crack them. I tried Kali responder running on a VM, I rebooted my endpoint with XDR pro on the same LAN, and I was able to capture some hash with responder. From the XDR logs I am having a hard time finding IOC/BIOC I can use to detect and prevent responder...any thoughts on this? Our pen tester said that since the responder is passive it will be hard to detect. - thanks   ... View more