Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Bypassing Cortex XDR

mr.d0x
  • Cortex XDR is an endpoint detection and response agent from Palo Alto Networks that runs on user machines. An attacker who has gained control of a machine should not be able to disable or remove it.
  • Disabling the agent takes a single registry change. Because the permissions on the relevant service registry key are not set properly, any user can modify its ServiceDll string value and stop the agent from loading.
  • Cortex XDR exposes its global settings through cytool.exe, which runs as SYSTEM and can perform privileged actions such as disabling the protections and uninstalling the agent. The password that gates these actions defaults to Password1; if that default is left in place, anybody on the machine can disable or uninstall XDR.
  • Even if the password has been changed, its hash is stored locally and can be attacked offline. It is an Argon2 hash, which is deliberately slow and memory-hard, so cracking it is expensive rather than impossible. The hash can be obtained with the agent's Generate Support File feature, which dumps the persistence folder that contains it.
  • Overall, good finds. Sometimes the people building security products do not pay much attention to the security of the product itself; all of these are simple logic or access-control bugs.
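The first bug above is a weak ACL on a service registry key. The check below is an added example of mine, not code from mr.d0x's post or from Palo Alto Networks, and it does not reproduce the Cortex XDR key path from the post. Instead it generalizes the idea: it walks every service under HKLM\SYSTEM\CurrentControlSet\Services, finds the keys that carry a ServiceDll value, and reports any that grant write-type rights (SetValue, CreateSubKey, WriteKey, FullControl) to low-privilege principals. The principal list and the choice of rights treated as "write" are my assumptions.

```powershell
# Added example (not from the original post): audit service registry keys that
# hold a ServiceDll value for write access by low-privilege principals.
# Assumptions: the principal list below is what counts as "low privilege", and
# SetValue/CreateSubKey/WriteKey/FullControl are the rights that let a user
# change or replace ServiceDll.

$servicesRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'

# Principals that should never hold write rights on a security product's service keys.
$lowPrivPrincipals = @(
    'BUILTIN\Users',
    'NT AUTHORITY\Authenticated Users',
    'NT AUTHORITY\INTERACTIVE',
    'Everyone'
)

# Registry rights that allow changing or replacing a value such as ServiceDll.
$writeRights = [System.Security.AccessControl.RegistryRights]::SetValue -bor
               [System.Security.AccessControl.RegistryRights]::CreateSubKey -bor
               [System.Security.AccessControl.RegistryRights]::WriteKey -bor
               [System.Security.AccessControl.RegistryRights]::FullControl

function Test-WeakServiceKeyAcl {
    # Returns one object per Allow ACE that gives a low-privilege principal
    # write-type rights on the given key; returns nothing if the ACL is sane.
    param([string]$KeyPath)
    $acl = Get-Acl -Path $KeyPath -ErrorAction Stop
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($lowPrivPrincipals -notcontains $ace.IdentityReference.Value) { continue }
        if (($ace.RegistryRights -band $writeRights) -ne 0) {
            [pscustomobject]@{
                Key       = $KeyPath
                Principal = $ace.IdentityReference.Value
                Rights    = $ace.RegistryRights
            }
        }
    }
}

$findings = foreach ($svc in Get-ChildItem -Path $servicesRoot) {
    # svchost-hosted services keep their DLL in Parameters\ServiceDll; check both
    # the service key and its Parameters subkey, since either can carry the value.
    $paths = @($svc.PSPath, (Join-Path $svc.PSPath 'Parameters'))
    foreach ($p in $paths) {
        if (-not (Test-Path $p)) { continue }
        $dll = (Get-ItemProperty -Path $p -Name ServiceDll -ErrorAction SilentlyContinue).ServiceDll
        if (-not $dll) { continue }
        Test-WeakServiceKeyAcl -KeyPath $p | ForEach-Object {
            $_ | Add-Member -NotePropertyName ServiceDll -NotePropertyValue $dll -PassThru
        }
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize
} else {
    'No low-privilege write access found on ServiceDll-bearing service keys.'
}
```

Run it from an ordinary user session as well as an elevated one: the interesting result is a key that a non-admin can write, and a hit on any endpoint security product's service key is exactly the condition the post abuses. Inherited ACEs are included, so a finding can come from a parent key rather than the service key itself.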