Søren Fritzbøger in CSIS TechBlog
Silencing Microsoft Defender for Endpoint using firewall rules
Windows Defender for Endpoint (Formerly Windows Defender ATP) is a so-called “cloud powered” EDR product[1], i.e. alerts and events are…
Jan 21, 2021

Søren Fritzbøger in CSIS TechBlog
CVE-2020-1088 — Yet another arbitrary delete EoP
In January of 2020 I found and reported an Escalation of Privilege (EoP) vulnerability that allowed arbitrary deletion of files using WER.
May 18, 2020

Søren Fritzbøger in CSIS TechBlog
Embedding external DLLs into Covenant Tasks
How we used Covenant to deploy SharpHound.
Jan 14, 2020