Windows

Author, Blue Team, Noah Heckman Administration, UAC, Windows

Why You Really Need to Stop Disabling UAC

Noah Heckman // Windows Vista didn’t have many fans in the Windows community (to put it lightly). It beaconed in a new user interface, file structure, and a bunch of […]

Read the entire post here

Blue Team, Blue Team Tools, How-To, Informational, Red Team, Red Team Tools Certutil, Clip, Clipboard, Cmdkey, Curl, Microsoft, Net1, Sally Vandeven, Tar, Where, Whoami, Windows, Windows Command, Wslconfig

Rainy Day Windows Command Research Results

Sally Vandeven // We have all heard people talk about how much cooler Linux is than Windows, so much easier to use, etc. Well, they are not necessarily wrong… but we […]

Read the entire post here

00404_09042019_WEBCAST_WindowsloggingsysmonELK (1)

Author, How-To, Informational, John Strand, Webcasts elasticsearch, ELK, HELK, john strand, kibana, Logstash, Sysmon, Windows, Windows logging, Winlogbeat

Webcast: Windows logging, Sysmon, and ELK

Click on the timecodes to jump to that part of the video (on YouTube) Slides for this webcast can be found here: https://www.blackhillsinfosec.com/wp-content/uploads/2020/09/SLIDES_WindowsLogginSysmonELK.pdf 4:36 Problem Statement and Executive Problem Statement 9:00 […]

Read the entire post here

00402_08302019_WEBCAST_ImplementingSysmon

Author, How-To, Informational, John Strand, Red Team Tools, Webcasts applocker, Bypassing, Group Policies, group policy, john strand, Logging, Malware, Sysmon, whitelisting, Windows

Webcast: Implementing Sysmon and Applocker

Click on the timecodes to jump to that part of the video (on YouTube) Slides for this webcast can be found here: https://www.blackhillsinfosec.com/wp-content/uploads/2020/09/SLIDES_ImplementingSysmonAppLocker.pdf 5:03 Introduction, problem statement, and executive problem […]

Read the entire post here

00256_12062017_DiggingIntoVulnerableWindowsServices

Author, Brian Fehrman, External/Internal, Red Team Application Whitelisting, escalated, penetration testing, Pentesting, privilege escalation, whitelisting, Windows, Windows Privilege Escalation

Digging Deeper into Vulnerable Windows Services

Brian Fehrman // Privilege escalation is a common goal for threat actors after they have compromised a system. Having elevated permissions can allow for tasks such as: extracting local password-hashes, […]

Read the entire post here

Author, Blue Team, Blue Team Tools, Derek Banks CredDefense, CredDefense Toolkid, End Point Log Consolidation, HoneyToken, kerberoasting, Pentesting, tool, WEF, Windows, Windows Event Forwarder

End-Point Log Consolidation with Windows Event Forwarder

Derek Banks // I want to expand on our previous blog post on consolidated endpoint event logging and use Windows Event Forwarding and live off the Microsoft land for shipping […]

Read the entire post here

Author, David Fletcher, Phishing, Red Team Empire, Macro, macro malware, OSX, PowerShell, Windows

How To: Empire’s Cross Platform Office Macro

David Fletcher // During our testing, we encounter organizations of various different sizes, shapes, and composition. One that we’ve run across a number of times includes a fairly even mixture […]

Read the entire post here

Author, Blue Team, Jordan Drysdale, Kent Ickler, Webcasts bloodhound, DLP, group policy, Hashcat, Microsoft, mitigation, Network Vulnerabilities, PowerSploit, recon, reconaissance, Windows

WEBCAST: Wrangling Internal Network Vulnerabilities

Jordan Drysdale & Kent Ickler // In this webcast, we demonstrate some standard methodologies utilized during an internal network review. We also discuss various tools used to test network defenses […]

Read the entire post here

Author, Blue Team, Blue Team Tools, John Strand, Webcasts Memory Forensics, webcasts, Windows, Windows Memory Forensics

WEBCAST: Windows Memory Forensics

John Strand // In the last webcast we covered initial Windows Live Forensics (see the recording here), in this one we play with memory from a compromised system. We cover the […]

Read the entire post here

1 2