DomCat: A Domain Categorization Tool
DomCat is a command-line tool written in Golang that helps the user find expired domains with desirable categorizations.
Wrangling Windows Event Logs with Hayabusa & SOF-ELK (Part 1)
In part 1 of this post, we’ll discuss how Hayabusa and “Security Operations and Forensics ELK” (SOF-ELK) can help us wrangle EVTX files (Windows Event Log files) for maximum effect during a Windows endpoint investigation!
Microsoft Store and WinGet: Security Risks for Corporate Environments
The Microsoft Store provides a convenient mechanism to install software without needing administrator permissions. The feature is convenient for non-corporate and home users but is unlikely to be acceptable in corporate environments. This is because attackers and malicious employees can use the Microsoft Store to install software that might violate organizational policy.
Default Web Content
Whether it’s forgotten temporary files, installation artifacts, READMEs, or even simple image files–default content on web servers can turn into a boon for attackers. In the most innocent of cases, these types of content can let attackers know more about the tech stack of the environment, and in the worst case scenario can lead to exploitation.
MailFail
MailFail is a Firefox browser extension that identifies and provides commands to exploit a large number of email-related misconfigurations for the current domain and subdomain. The extension’s UI popup highlights any misconfigurations in red and links to the supporting documentation.
Commonly Abused Administrative Utilities: A Hidden Risk to Enterprise Security
Organizations tend to focus a significant amount of their efforts on external threats, such as phishing and ransomware, but they often overlook one of the most dangerous attack vectors on their internal networks.
Stop Spoofing Yourself! Disabling M365 Direct Send
Remember the good ‘ol days of Zip drives, Winamp, the advent of “Office 365,” and copy machines that didn’t understand email authentication? Okay, maybe they weren’t so good! For a […]
Bypassing CSP with JSONP: Introducing JSONPeek and CSP B Gone
A Content Security Policy (CSP) is a security mechanism implemented by web servers and enforced by browsers to prevent various types of attacks, primarily cross-site scripting (XSS). CSP works by restricting resources (scripts, stylesheets, images, etc.) on a webpage to only execute if they come from approved sources. However, like most things in security, CSP isn’t bulletproof.
Offensive Tooling Cheatsheets: An Infosec Survival Guide Resource
An Infosec Survival Guide Resource, released as blog posts, with fully designed, printer-friendly PDF cheatsheets.