SOAPHound is a custom-developed .NET data collector tool which can be used to enumerate Active Directory environments via the Active Directory Web Services (ADWS) protocol. – GitHub – FalconForceTeam/SOAPHound: SOAPHound is a custom-developed .NET data …
Continue readingS1ckB0y1337/Active-Directory-Exploitation-Cheat-Sheet
A cheat sheet that contains common enumeration and attack methods for Windows Active Directory. – GitHub – S1ckB0y1337/Active-Directory-Exploitation-Cheat-Sheet: A cheat sheet that contains common enumeration and attack methods for Windows Active Directory. https://github.com/S1ckB0y1337/Active-Directory-Exploitation-Cheat-Sheet
Continue readingRansomware-Bericht: Immer weniger Opfer zahlen Lösegeld
Sicherheitsforscher zeigen aktuelle Trends bei Verschlüsselungstrojanern auf. Unter anderem schrumpfen die Summen von Lösegeldern. Verschlüsselungstrojaner sind nach wie vor eine der größten Bedrohungen für IT-Systeme von Unternehmen. https://www.heise.de/news/Ransomware-Bericht-Immer-weniger-Opfer-zahlen-Loesegeld-9613134.html
Continue readingWindows 11, version 23H2 security baseline
Microsoft is pleased to announce the release of the security baseline package for Windows 11, version 23H2! Please download the content from the Microsoft Security Compliance Toolkit, test the recommended configurations, and customize / implement …
Continue readingWeb AppSec Interview Questions
The following web application security questions and answers (mostly focused on web app hacking) are part of a series from my social media. The answers are hidden by default so you can practice answering them …
Continue readingConditional Access – Common Microsoft 365 Security Mistakes Series
Conditional Access (CA) is front and center of any attempt to secure Microsoft 365. https://campbell.scot/conditional-access-common-microsoft-365-security-mistakes-series/
Continue readingCloud storage security: What’s new in the threat matrix
Today, we announce the release of a second version of the threat matrix for storage services, a structured tool that assists in identifying and analyzing potential security threats on data stored in cloud storage services. …
Continue readingStrategies for the Integration of Software Supply Chain Security in DevSecOps CI/CD pipelines
Cloud-native applications are made up of multiple loosely coupled components called microservices. https://csrc.nist.gov/pubs/sp/800/204/d/ipd
Continue readingSAMATE
Welcome to the Software Assurance Metrics And Tool Evaluation (SAMATE) Website! Software assurance is a set of methods and processes to prevent, mitigate or remove weaknesses and vulnerabilities and ensure that software functions as intended. …
Continue readingRevisiting Traditional Security Advice for Modern Threats
Modern attacks targeting supply chains, using zero-day exploits, and exploiting vulnerabilities in security appliances have been flooding newsrooms, boardrooms and threat reports in recent months. https://www.mandiant.com/resources/blog/traditional-advice-modern-threats
Continue reading