The purpose of this guide is to view Active Directory from an attacker perspective. I will try to review different aspects of Active Directory and those terms that every pentester should control in order to …
Continue readingMonth: May 2021
BloodHound Cypher Cheatsheet
Bloodhound uses Neo4j, a graphing database, which uses the Cypher language. Cypher is a bit complex since it’s almost like programming with ASCII art. https://hausec.com/2019/09/09/bloodhound-cypher-cheatsheet/
Continue readingAnalysis of the 2021 Verizon Data Breach Report (DBIR)
Every year I like to look at Verizon’s DBIR report and see what kind of wisdom I can extract. This year they appear to have put in even more effort, so let’s get into it. …
Continue readingIncident response playbooks
You need to respond quickly to detected security attacks to contain and remediate its damage. As new widespread cyberattacks happen, such as Solarigate and the Exchange Server vulnerability, Microsoft will respond with detailed incident response …
Continue reading