Eliott's profile - activity

2018-07-02 14:14:31 +0000 commented answer How to flag DRSUAPI_REPLICA_ADD signature ?

Thanks, I'm going to try to detect DCE/RPC by identifying those values

2018-07-02 10:04:43 +0000 commented answer How to flag DRSUAPI_REPLICA_ADD signature ?

Thanks, I'll try to explore this way to see if I'm able to follow the TCP stream from the creation of the context to the

2018-07-02 09:06:43 +0000 commented answer How to flag DRSUAPI_REPLICA_ADD signature ?

Thanks, I'll try to explore this way to see if I'm able to follow the TCP stream from the creation of the context to the

2018-07-02 09:06:21 +0000 commented answer How to flag DRSUAPI_REPLICA_ADD signature ?

Thanks, I'll try to explore this way to see if I'm able to follow the TCP stream from the creation of the context to the

2018-06-29 14:02:05 +0000 commented answer How to flag DRSUAPI_REPLICA_ADD signature ?

Here is an archive with 2 different packet capture files. https://nofile.io/f/1P4DNYj2qOS/capture.zip

2018-06-29 14:01:15 +0000 commented answer How to flag DRSUAPI_REPLICA_ADD signature ?

Here is an archive with 2 different packet capture files. https://nofile.io/f/1P4DNYj2qOS/capture.zip

2018-06-29 12:47:21 +0000 commented answer How to flag DRSUAPI_REPLICA_ADD signature ?

Yes, I did. But I can only get the DRSUAPI-REPLICA-ADD with encrypted stub data. The problem is if I change data within

2018-06-29 12:37:37 +0000 commented answer How to flag DRSUAPI_REPLICA_ADD signature ?

Yes, I did. But I can only get the DRSUAPI-REPLICA-ADD with encrypted stub data. The problem is if I change data within

2018-06-29 12:35:34 +0000 commented answer How to flag DRSUAPI_REPLICA_ADD signature ?

Yes, I did. But I can only get the DRSUAPI-REPLICA-ADD with encrypted stub data. The problem is if I change data within

2018-06-29 12:12:05 +0000 commented answer How to flag DRSUAPI_REPLICA_ADD signature ?

Yes, I did. But I can only get the DRSUAPI-REPLICA-ADD with encrypted stub data. The problem is if I change data within

2018-06-29 12:10:59 +0000 commented answer How to flag DRSUAPI_REPLICA_ADD signature ?

Yes, I did. But I can only get the DRSUAPI_REPLICA_ADD with encrypted stub data. The problem is if I change data within

2018-06-29 10:11:33 +0000 commented answer How to flag DRSUAPI_REPLICA_ADD signature ?

Thanks, but it just allows filtering the "DRSUAPI-REPLICA-ADD" in Wireshark. The purpose is to extract a generic hexadecim

2018-06-29 10:11:13 +0000 received badge Rapid Responder
2018-06-29 10:11:13 +0000 answered a question How to flag DRSUAPI_REPLICA_ADD signature ?

Thanks, but it just allows filtering the "DRSUAPI-REPLICA-ADD" in Wireshark. The purpose is to extract a generic hexadecim

2018-06-28 15:46:46 +0000 received badge Editor
2018-06-28 15:46:46 +0000 edited question How to flag DRSUAPI_REPLICA_ADD signature ?

How to flag DRSUAPI_REPLICA_ADD signature ? Hi, I'm currently working on a way to identify and block DC Shadow attack w

2018-06-28 15:46:07 +0000 asked a question How to flag DRSUAPI_REPLICA_ADD signature ?

How to flag DRSUAPI_REPLICA_ADD signature ? Hi, I'm currently working on a way to identify and block DC Shadow attack w