Jordan Drysdale

Blue Team, Blue Team Tools, How-To, Informational, Jordan Drysdale

Parsing Sysmon Logs on Microsoft Sentinel

Jordan Drysdale // Tl;dr: Many parsers have been written and several are referenced here. This blog describes a simple parser for Sysmon logs through Event ID (EID) 28 for Microsoft […]

Read the entire post here

Author, David Fletcher, Jordan Drysdale, Red Team, Red Team Tools, Webcasts

Webcast: Attack Tactics 8 – Poison the Well – Jordan Drysdale & David Fletcher

Read the entire post here

Author, Blue Team, Blue Team Tools, External/Internal, General InfoSec Tips & Tricks, How-To, Informational, InfoSec 101, Jordan Drysdale Azure, defense, Detection, doazlab.com, Impacket, Jordan Drysdale

Impacket Defense Basics With an Azure Lab

Jordan Drysdale // Overview The following description of some of Impacket’s tools and techniques is a tribute to the authors, SecureAuthCorp, and the open-source effort to maintain and extend the code. […]

Read the entire post here

Author, External/Internal, General InfoSec Tips & Tricks, How-To, Informational, InfoSec 101, InfoSec 201, Jordan Drysdale, Red Team Tools Jordan Drysdale

Impacket Offense Basics With an Azure Lab

Read the entire post here

Author, Blue Team, Blue Team Tools, General InfoSec Tips & Tricks, How-To, Hunt Teaming, Informational, InfoSec 101, Jordan Drysdale ARM Templates, Attribution, Detection, Engineering, Geopolitics, hunting, Microsoft Sentinel

Geopolitical Cyber-Detection Lures for Attribution with Microsoft Sentinel

Jordan Drysdale // Summary! There are tons of security event management (SIEM) solutions available these days, but this blog will focus on Microsoft Sentinel. Sentinel is easy to deploy, logs […]

Read the entire post here

Author, Blue Team, Blue Team Tools, General InfoSec Tips & Tricks, Hunt Teaming, Informational, Jordan Drysdale Jordan Drysdale

The Azure Sandbox – Purple Edition

Jordan Drysdale // Azure has replaced AWS in my personal development pipeline. This may sound crazy but hear me out. Microsoft has solidified its offerings, done nothing but improve its […]

Read the entire post here

Author, Informational, InfoSec 101, Jordan Drysdale, Kent Ickler, Webcasts

Webcast: The Quest for the Kill Chain Killer Continues

Jordan and Kent have heard from a lot of people that the past Black Hills Information Security (BHIS) webcasts: “Group Policies That Kill Kill Chains” and “Active Directory Best Practices […]

Podcast: Play in new window | Download

Subscribe: Apple Podcasts | Spotify | Amazon Music | RSS

Read the entire post here

Author, How-To, Informational, InfoSec 101, Jordan Drysdale Jordan Drysdale, Sysmon

A Sysmon Event ID Breakdown – Updated to Include 26, 27 and 28!!

Jordan Drysdale // UPDATES! December 22, 2022 So – there have been some changes to Sysmon and this blog needed polishing. The latest Event IDs and descriptions are now included for […]

Read the entire post here

00500_12072020_JoyridingSILENTTRINITYUpdates

Author, Fun & Games, How-To, Informational, InfoSec 101, Jordan Drysdale Jordan Drysdale

Joyriding with SILENTTRINITY – UPDATES

Jordan Drysdale // tl;dr SILENTTRINITY (ST) is one of our favorite C2 tools at BHIS. It’s multiplayer, modern, and multiserver. The code has been revised significantly of late, especially the […]

Read the entire post here

1 2 3 4 ›»