How many policies are needed to secure a Microsoft 365 tenant properly? Two? Three? Twelve? Thirty? For most tenants the truth lies somewhere in between. There are several things to consider, and there is no off-the-shelf Conditional Access (CA) rule set that fits.
Author: Severin Winkler
GitHub – nshalabi/SysmonTools: Utilities for Sysmon
Sysmon View helps in tracking and visualizing Sysmon logs by logically grouping and correlating the various Sysmon events, using existing event data such as executable names, session GUIDs and event creation time. The tool then re-arranges this data for display in multiple views.
GitHub – decoder-it/KrbRelayEx-RPC
KrbRelayEx-RPC is a tool similar to my KrbRelayEx designed for performing Man-in-the-Middle (MitM) attacks by relaying Kerberos AP-REQ tickets.
Deception in Depth – Hiding AD Users and Groups – Part 1
Hello darkness, my old friend. We’re back after quite the long hiatus with another entry in the Deception in Depth series, since then I’ve changed roles from the lead on the deception project at $Employer to the Red Team (I’ve mentioned this in a few posts before, I think.
How Google Does It: Using threat intelligence to uncover and track cybercri
One of the GTIG teams was able to investigate the malware in concert with our cybercrimes investigations group, and the legal litigation team was able to take civil action against the CryptBot malware distributors.
PEASS-ng/linPEAS/README.md at master · peass-ng/PEASS-ng · GitHub
LinPEAS is a script that searches for possible paths to escalate privileges on Linux/Unix*/MacOS hosts. The checks are explained on book.hacktricks.xyz. Check the Local Linux Privilege Escalation checklist from book.hacktricks.xyz.
Stressed Testing: Practical Operational Resilience
Operational resilience is a concept that has gained even further traction. It first came to prominence from financial regulators, in particular the Bank of England and then others.
SoaPy: Stealthy enumeration of Active Directory environments through ADWS
Over time, both targeted and large-scale enumeration of Active Directory (AD) environments has become increasingly easy to detect with modern defensive solutions.
onwebkitplaybacktargetavailabilitychanged?! New exotic events in the XSS cheat sheet
The power of our XSS cheat sheet is that we get fantastic contributions from the web security community, and this update is no exception. We had valuable contributions from Mozilla to remove events that no https://portswigger.net/research/new-exotic-events-in-the-xss-cheat-sheet
Red Team Chronicles: Your trash my treasure
What happens when hackers need to get creative? This month’s edition of The Red Team Chronicles looks at a story from Jason Haddix who needed to get thrifty with his team to get access to …