Jordan Drysdale

Author, Blue Team, Blue Team Tools, External/Internal, General InfoSec Tips & Tricks, How-To, Informational, InfoSec 101, Jordan Drysdale Azure, defense, Detection, doazlab.com, Impacket, Jordan Drysdale

Impacket Defense Basics With an Azure Lab

Jordan Drysdale // Overview The following description of some of Impacket’s tools and techniques is a tribute to the authors, SecureAuthCorp, and the open-source effort to maintain and extend the code. […]

Read the entire post here

Author, External/Internal, General InfoSec Tips & Tricks, How-To, Informational, InfoSec 101, InfoSec 201, Jordan Drysdale, Red Team Tools Jordan Drysdale

Impacket Offense Basics With an Azure Lab

Read the entire post here

Author, Blue Team, Blue Team Tools, General InfoSec Tips & Tricks, Hunt Teaming, Informational, Jordan Drysdale Jordan Drysdale

The Azure Sandbox – Purple Edition

Jordan Drysdale // Azure has replaced AWS in my personal development pipeline. This may sound crazy but hear me out. Microsoft has solidified its offerings, done nothing but improve its […]

Read the entire post here

Author, How-To, Informational, InfoSec 101, Jordan Drysdale Jordan Drysdale, Sysmon

A Sysmon Event ID Breakdown – Updated to Include 29!!

Jordan Drysdale // UPDATES! October 30, 2023There’s been an additional update for Sysmon! Event ID 29! Another Event ID (EID) was added to the Sysmon service. This event ID followed […]

Read the entire post here

00500_12072020_JoyridingSILENTTRINITYUpdates

Author, Fun & Games, How-To, Informational, InfoSec 101, Jordan Drysdale Jordan Drysdale

Joyriding with SILENTTRINITY – UPDATES

Jordan Drysdale // tl;dr SILENTTRINITY (ST) is one of our favorite C2 tools at BHIS. It’s multiplayer, modern, and multiserver. The code has been revised significantly of late, especially the […]

Read the entire post here

Author, How-To, Informational, InfoSec 101, Jordan Drysdale Jordan Drysdale

Azure Sentinel Quick-Deploy with Cyb3rWard0g’s Sentinel To-Go – Let’s Catch Cobalt Strike!

Jordan Drysdale // tl;dr Sentinel is easy! Especially when using Azure Sentinel To-Go. So, let’s do some threat research by deploying Sentinel To-Go and executing a Cobalt Strike beacon. Link: […]

Read the entire post here

Author, General InfoSec Tips & Tricks, How-To, Informational, InfoSec 101, Jordan Drysdale Jordan Drysdale

Azure Security Basics: Log Analytics, Security Center, and Sentinel

Jordan Drysdale // TL;DR The problem with a pentester’s perspective on defense, hunting, and security: Lab demographics versus scale. If it costs $15 bucks per month per server for me […]

Read the entire post here

00476_07232020_HowToAppliedPurpleTeamingLabBuild

Author, How-To, Informational, Jordan Drysdale, Kent Ickler Azure, Detection Lab, Jordan Drysdale, Kent Ickler, purple teaming, Terraform

How To: Applied Purple Teaming Lab Build on Azure with Terraform (Windows DC, Member, and HELK!)

Jordan Drysdale & Kent Ickler // tl;dr Ubuntu base OS, install AZCLI, unpack terraform, gather auth tokens, run script, enjoy new domain. https://github.com/DefensiveOrigins/APT-Lab-Terraform For those of you who have been […]

Read the entire post here

Author, How-To, Informational, Jordan Drysdale, Kent Ickler Jordan Drysdale, Kent Ickler, Windows Optics

How To Deploy Windows Optics: Commands, Downloads, Instructions, and Screenshots

Jordan Drysdale & Kent Ickler // TL;DR Look for links, download them. Look for GPOs, import them. Look for screenshots, for guidance. Sysmon + Windows Audit Policies + Event Collectors […]

Read the entire post here

1 2 3 4 ›»