How-To

Alyssa Snow, Blue Team, External/Internal, General InfoSec Tips & Tricks, How-To, Informational, InfoSec 101, Red Team Active Directory, ADCS, exploit

Abusing Active Directory Certificate Services (Part 3)

| Alyssa Snow In PART ONE and PART TWO of this blog series, we discussed common misconfigurations of Active Directory certificate templates. In this post, we will walk through exploitation […]

Read the entire post here

Ethan Robish, General InfoSec Tips & Tricks, How-To, Informational, InfoSec 101 Personal Security

Rotating Your Passwords After a Password Manager Breach

| Ethan Robish It’s been nearly a year since Lastpass was breached and users’ encrypted vaults were stolen. I had already migrated to a different password manager for all my […]

Read the entire post here

Beau Bullock, How-To, Red Team, Red Team Tools, Steve Borosh Azure, cloud, microsoft365

Introducing GraphRunner: A Post-Exploitation Toolset for Microsoft 365

By Beau Bullock & Steve Borosh TL;DR We built a post-compromise toolset called GraphRunner for interacting with the Microsoft Graph API. It provides various tools for performing reconnaissance, persistence, and […]

Read the entire post here

Alyssa Snow, Blue Team, External/Internal, How-To, Informational, Red Team, Red Team Tools Active Directory, exploit

Abusing Active Directory Certificate Services – Part 2

| Alyssa Snow Misconfigurations in Active Directory Certificate Services (ADCS) can introduce critical vulnerabilities into an Enterprise Active Directory environment, such as paths of escalation from low privileged accounts to […]

Read the entire post here

How Attackers Use SSH.exe as a Backdoor Into Your Network (5)

Alyssa Snow, Blue Team, External/Internal, How-To, Informational, Red Team, Red Team Tools Active Directory, exploit

Abusing Active Directory Certificate Services – Part One

| Alyssa Snow Active Directory Certificate Services (ADCS)1 is used for public key infrastructure in an Active Directory environment. ADCS is widely used in enterprise Active Directory environments for managing […]

Read the entire post here

How-To, Incident Response, Informational, InfoSec 201, Patterson Cake, Phishing csv data, M365, Microsoft 365, SOF-ELK, UAL, Unified Audit Log

Wrangling the M365 UAL with SOF-ELK and CSV Data (Part 3 of 3)

Patterson Cake // PART 1 PART 2 In part one of “Wrangling the M365 UAL,” we talked about acquiring, parsing, and querying UAL data using PowerShell and SOF-ELK. In part […]

Read the entire post here

How-To, Informational, InfoSec 201, Patterson Cake, Phishing BEC, Business Email Compromise, EC2, Exchange Online Management, M365, Microsoft 365, SOF-ELK, UAL, Unified Audit Log

Wrangling the M365 UAL with SOF-ELK on EC2 (Part 2 of 3)

Patterson Cake // In PART 1 of “Wrangling the M365 UAL,” we talked about the value of the Unified Audit Log (UAL), some of the challenges associated with acquisition, parsing, […]

Read the entire post here

How-To, Incident Response, InfoSec 201, Patterson Cake, Phishing BEC, Business Email Compromise, Exchange Online Management, M365, Microsoft 365, PowerShell EXO, SOF-ELK, UAL, Unified Audit Log

Wrangling the M365 UAL with PowerShell and SOF-ELK (Part 1 of 3)

Patterson Cake // When it comes to M365 audit and investigation, the “Unified Audit Log” (UAL) is your friend. It can be surly, obstinate, and wholly inadequate, but your friend […]

Read the entire post here

Blue Team, Blue Team Tools, General InfoSec Tips & Tricks, How-To, Incident Response, Informational, InfoSec 101, InfoSec 201, Troy Wojewoda DFIR

Welcome to Shark Week: A Guide for Getting Started with Wireshark and TShark

Troy Wojewoda // In honor of Shark Week1, I decided to write this blog to demonstrate various techniques I’ve found useful when analyzing network traffic with Wireshark, as well as […]

Read the entire post here

1 2 3 4 ›»