How to Lead Effective Tabletops
Learn how to transform boring, meeting-style security tabletop exercises into engaging real-world scenario simulations.
How-To
OSINT: How to Find, Use, and Control Open-Source Intelligence
OSINT stands for open-source intelligence, and it refers to all publicly available information on the open internet which has been obtained without any special requirements (paywalls, invitations, etc.).
What to Do with Your First Home Lab
Having assembled fundamental lab components, you now get to play! However, the ocean of potential projects can be intimidating. Where does one even start?
Social Engineering and Microsoft SSPR: The Road to Pwnage is Paved with Good Intentions
This scenario simultaneously tests identity confirmation tooling (SSPR, MFA, Conditional Access), how users act under pressure, and the organization’s ability to detect and follow-up on social engineering attacks.
Deceptive-Auditing: An Active Directory Honeypots Tool
Deceptive-Auditing is a tool that deploys Active Directory honeypots and automatically enables auditing for those honeypots.
Abusing Delegation with Impacket (Part 3): Resource-Based Constrained Delegation
This is the third in a three-part series of blog posts discussing how to abuse Kerberos delegation! If you haven’t already, feel free to read the first blog post, as they discuss the Kerberos authentication process and how delegation plays an important role in solving the double-hop problem, and how to abuse unconstrained delegation.
Abusing Delegation with Impacket (Part 2): Constrained Delegation
This is the second in a three-part series of blog posts discussing how to abuse Kerberos delegation! If you haven’t already, feel free to read the first blog post, as it discusses the Kerberos authentication process and how delegation plays an important role in solving the double-hop problem.
Abusing Delegation with Impacket (Part 1): Unconstrained Delegation
In Active Directory exploitation, Kerberos delegation is easily among my top favorite vectors of abuse, and in the years I’ve been learning Kerberos exploitation, I’ve noticed that Impacket doesn’t get nearly as much coverage as tools like Rubeus or Mimikatz.
Wrangling Windows Event Logs with Hayabusa & SOF-ELK (Part 2)
But what if we need to wrangle Windows Event Logs for more than one system? In part 2, we’ll wrangle EVTX logs at scale by incorporating Hayabusa and SOF-ELK into my rapid endpoint investigation workflow (“REIW”)!