Intro The Ryuk threat actors went from a phishing email to domain wide ransomware in 5 hours. They escalated privileges using Zerologon (CVE-2020-1472), less than 2 hours after the initial … Read More https://thedfirreport.com/2021/08/29/cobalt-strike-a-defenders-guide/
Continue readingAuthor: Severin Winkler
Security Scorecards
A short motivational video clip to inspire us: https://youtu.be/rDMMYT3vkTk “You passed! All D’s … and an A!” Automate analysis and trust decisions on the security posture of open source projects. https://github.com/ossf/scorecard
Continue readingForensic analysis of Windows 10 compressed memory using Volatility
Memory analysis on Windows 10 is pretty different from previous Windows versions: a new feature, called Memory Compression, make it necessary a forensic tool able to read compressed memory pages. https://www.andreafortuna.org/2019/08/01/forensic-analysis-of-windows-10-compressed-memory-using-volatility/
Continue readingAutotimeliner to CyberChef to Timesketch
As you might know, I love to combine several OpenSource tools to get things done. One thing I wanted to play for some weeks is Autotimeliner by Andrea Fortuna.This tool is made to extract events …
Continue readingActive Directory forest trusts part 2 – Trust transitivity and finding a trust bypass
In my first personal blog post in 2018 I wrote about Active Directory forest trusts and how they work under the hood. Part two of the series was since then promised but never delivered. https://dirkjanm.io/active-directory-forest-trusts-part-two-trust-transitivity/
Continue readingMind-Maps
Mind-Maps Bug Hunters Methodology – [Jhaddix] Fiding Server side issues – [Imran parray] Javascript Recon My Recon – [Imran parray] https://github.com/imran-parray/Mind-Maps
Continue reading> Attacking Active Directory: 0 to 0.9
The purpose of this guide is to view Active Directory from an attacker perspective. I will try to review different aspects of Active Directory and those terms that every pentester should control in order to …
Continue readingBloodHound Cypher Cheatsheet
Bloodhound uses Neo4j, a graphing database, which uses the Cypher language. Cypher is a bit complex since it’s almost like programming with ASCII art. https://hausec.com/2019/09/09/bloodhound-cypher-cheatsheet/
Continue readingAnalysis of the 2021 Verizon Data Breach Report (DBIR)
Every year I like to look at Verizon’s DBIR report and see what kind of wisdom I can extract. This year they appear to have put in even more effort, so let’s get into it. …
Continue readingIncident response playbooks
You need to respond quickly to detected security attacks to contain and remediate its damage. As new widespread cyberattacks happen, such as Solarigate and the Exchange Server vulnerability, Microsoft will respond with detailed incident response …
Continue reading