Evading Palo Alto Traps Anti-Ransomware Protection (OBSOLETE)


This piece could be the shortest article you have/will read today, so don’t blink:

The PoC script below will mimic a ransomware, it will wipe the whole D: drive except some pre-excluded files and folders ($TrustedFiles and $TrustedFolders).
When running this script, Traps (version 4.1.0 and above, with the Anti-Ransomware module activated) will flag it as a ransomware and kills the process, that is because it is performing bulk files/folders modification:

Continue reading

The (Awesome) Universal Uninstall Script


So, it is the final quarter of the year, internal audit has just woken up from their hibernation directly up your…sleeves, and wants to keep stuff compliant.

Your manager, for the little sadist that he is, sends you a list of some twenty+ applications to uninstall from all the end-user machines.

As you already experienced the pain of uninstalling different applications from different vendors before, you know that not every company builds a way to perform silent/command line uninstallation.

So you tell your manager: Not this time you neo-fascist! (In your mind, of course, you don’t want to end up on the streets working for Facebook, because #DeleteFacebook right? Too much? ok…)

Today we will use a commercial uninstall tool coupled with our custom script to uninstall virtually any software, remotely and silently.

First, you need to buy Revo Uninstaller Pro Portable, it costs around 30$ per year, cheaper than a mid-fancy dinner.
Then, you create a deployment package, save my following script in the same directory as RevoUnPro.exe and publish it to all your users:

Continue reading