How-To

How-To, Incident Response, InfoSec 201, Patterson Cake, Phishing BEC, Business Email Compromise, Exchange Online Management, M365, Microsoft 365, PowerShell EXO, SOF-ELK, UAL, Unified Audit Log

Wrangling the M365 UAL with PowerShell and SOF-ELK (Part 1 of 3)

Patterson Cake // When it comes to M365 audit and investigation, the “Unified Audit Log” (UAL) is your friend. It can be surly, obstinate, and wholly inadequate, but your friend […]

Read the entire post here

Blue Team, Blue Team Tools, General InfoSec Tips & Tricks, How-To, Incident Response, Informational, InfoSec 101, InfoSec 201, Troy Wojewoda DFIR

Welcome to Shark Week: A Guide for Getting Started with Wireshark and TShark

Troy Wojewoda // In honor of Shark Week1, I decided to write this blog to demonstrate various techniques I’ve found useful when analyzing network traffic with Wireshark, as well as […]

Read the entire post here

General InfoSec Tips & Tricks, How-To, Informational, InfoSec 101, Serena DiPenti

Shenetworks’ Guide to Landing Your First Tech Job

Serena DiPenti // Buckle up for this one because I’m about to give you A LOT of information. As someone who works in tech and creates tech content, I am […]

Read the entire post here

External/Internal, How-To, Informational, Justin Angel Exfil

Evasive File Smuggling with Skyhook 

ImposterKeanu // Introduction  This blog post introduces the reader to “The Obfuscation Hustle”, a term I enjoy using to describe the tedious process of obfuscating and delivering files to corporate […]

Read the entire post here

General InfoSec Tips & Tricks, How-To, Informational, InfoSec 101, John Malone Archive, data, testing

Six Tips for Managing Penetration Test Data

John Malone // Introduction Information is power. This sentiment also holds true when discussing the creation of a supporting archive. A supporting archive is something that we put together to […]

Read the entire post here

Blue Team, Blue Team Tools, How-To, Informational, Jordan Drysdale

Parsing Sysmon Logs on Microsoft Sentinel

Jordan Drysdale // Tl;dr: Many parsers have been written and several are referenced here. This blog describes a simple parser for Sysmon logs through Event ID (EID) 28 for Microsoft […]

Read the entire post here

Finding, How-To, Informational, Isaac Burton, Web App Prototype Pollution, Web API

Hit the Ground Running with Prototype Pollution  

Isaac Burton // For as long as we have known about prototype pollution vulnerabilities, there has been confusion on what they are and how they can be exploited. We’re going […]

Read the entire post here

Fernando Panizza, General InfoSec Tips & Tricks, How-To, Informational

Forwarding Traffic Through SSH

Fernando Panizza // This was meant to be an OpenSSH how-to blog, but since I had time, I decided to read the man pages (manual pages that you can access […]

Read the entire post here

How-To, Joseph Kingstone, Physical

Tales From the Pick: Intro to Physical Security Tools

Joseph Kingstone // Looking to get into physical security? Not sure what you need to get started? Look no further.  What are Physical Security Assessments?   Physical security assessments evaluate an […]

Read the entire post here