Blue Team

Blue Team, Blue Team Tools, Guest Author, Informational, InfoSec 101, Red Team, Red Team Tools Infosec for Beginners, InfoSec Survival Guide, Purple Team

Blue Team, Red Team, and Purple Team: An Overview

By Erik Goldoff, Ray Van Hoose, and Max Boehner || Guest Authors This post is comprised of 3 articles that were originally published in the second edition of the InfoSec […]

Read the entire post here

Blue Team, Incident Response, Informational, Jordan Drysdale Blue Team Detections, detection engineering, event auditing, msDS-KeyCredentialLink, Shadow creds

Enable Auditing of Changes to msDS-KeyCredentialLink 

Changes to the msds-KeyCredentialLink attribute are not audited/logged with standard audit configurations. This required serious investigations and a partner firm in infosec provided us the answer: TrustedSec.  So, credit where […]

Read the entire post here

Blue Team, David Perez, Incident Response, Informational Azure, Entra ID, SIEM, SOC

Monitoring High Risk Azure Logins 

Recently in the SOC, we were notified by a partner that they had a potential business email compromise, or BEC. We commonly catch these by identifying suspicious email forwarding rules, […]

Read the entire post here

Alyssa Snow, Blue Team, External/Internal, General InfoSec Tips & Tricks, How-To, Informational, Red Team

Abusing Active Directory Certificate Services (Part 4)

Start this blog series from the beginning here: PART 1 Misconfigurations in Active Directory Certificate Services (ADCS) can introduce critical vulnerabilities into an Enterprise environment. In this article, we will […]

Read the entire post here

Blue Team, Guest Author, How-To Detection, framework, homelab, mitre att&ck

At Home Detection Engineering Lab for Beginners

| Niccolo Arboleda | Guest Author Niccolo Arboleda is a cybersecurity enthusiast and student at the University of Toronto. He is usually found in his home lab studying different cybersecurity […]

Read the entire post here

General InfoSec Tips & Tricks, Incident Response, Informational, Terry Reece externally exploitable services

In Through the Front Door – Protecting Your Perimeter  

While social engineering attacks such as phishing are a great way to gain a foothold in a target environment, direct attacks against externally exploitable services are continuing to make headlines. […]

Read the entire post here

Incident Response, Informational, Patterson Cake OSINT

OSINT for Incident Response (Part 2)

Be sure to read PART 1! Metadata and a New-Fashioned Bank Robbery Let’s face it, some cases are just more interesting than others and, when you do incident response for […]

Read the entire post here

Alyssa Snow, Blue Team, External/Internal, General InfoSec Tips & Tricks, How-To, Informational, LLMNR, Red Team

Bypass NTLM Message Integrity Check – Drop the MIC

In An SMB Relay Race – How To Exploit LLMNR and SMB Message Signing for Fun and Profit, Jordan Drysdale shared the dangers of lack of SMB Signing requirements and […]

Read the entire post here

Blue Team, Blue Team Tools, Guest Author, How-To, Informational art, cdr, cloud, falco, ids, realtime, tests

Better Together: Real Time Threat Detection for Kubernetes with Atomic Red Tests & Falco

| Nigel Douglas As a Developer Advocate working on Project Falco, Nigel Douglas plays a key role in driving education for the Open-Source Detection and Response (D&R) segment of cloud-native […]

Read the entire post here