Attacking & Securing Active Directory Table of Contents https://rmusser.net/docs/Active_Directory.html
Blocking ISO mounting
Recently I’ve been hearing about malware mounting ISOs as a method of bypassing AV and EDR. https://malicious.link/post/2022/blocking-iso-mounting/
AWS Security Maturity Model
AWS Security Maturity Model https://maturitymodel.security.aws.dev/en/model/
Sysmon Tools
Sysmon View helps track and visualize Sysmon logs by logically grouping and correlating the various Sysmon events, using existing event data such as executable names, session GUIDs, event creation time, etc.; the tool …
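The kind of correlation described above, as an added example (not Sysmon View's own code): process-creation events (Event ID 1) are grouped by LogonGuid into sessions and chained by ProcessGuid/ParentProcessGuid, and other events carrying a ProcessGuid (here an Event ID 3 network connection) are attached to the process that produced them. The events are constructed sample XML in the Windows event schema; the GUIDs, paths and addresses are placeholders, not real telemetry.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

def _event(event_id, **data):
    """Build one Sysmon-style event XML string from field values (constructed sample data)."""
    fields = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in data.items())
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>{event_id}</EventID></System>'
            f'<EventData>{fields}</EventData></Event>')

# Constructed sample log (placeholder GUIDs): two logon sessions, one
# explorer -> Word -> PowerShell chain, and a network connection made by PowerShell.
SAMPLE_EVENTS = [
    _event(1, UtcTime="2022-03-01 10:00:00.000", ProcessGuid="{A}", ParentProcessGuid="{ROOT}",
           LogonGuid="{L1}", Image=r"C:\Windows\explorer.exe"),
    _event(1, UtcTime="2022-03-01 10:01:00.000", ProcessGuid="{B}", ParentProcessGuid="{A}",
           LogonGuid="{L1}", Image=r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"),
    _event(1, UtcTime="2022-03-01 10:01:30.000", ProcessGuid="{C}", ParentProcessGuid="{B}",
           LogonGuid="{L1}", Image=r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"),
    _event(3, UtcTime="2022-03-01 10:01:31.000", ProcessGuid="{C}",
           Image=r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
           DestinationIp="203.0.113.10", DestinationPort="443"),
    _event(1, UtcTime="2022-03-01 10:05:00.000", ProcessGuid="{D}", ParentProcessGuid="{ROOT}",
           LogonGuid="{L2}", Image=r"C:\Windows\System32\svchost.exe"),
]

def parse_event(xml_text):
    """Flatten one Sysmon event into a dict: EventID plus every EventData field by name."""
    root = ET.fromstring(xml_text)
    rec = {"EventID": int(root.find("e:System/e:EventID", NS).text)}
    for d in root.findall("e:EventData/e:Data", NS):
        rec[d.get("Name")] = d.text or ""
    return rec

def correlate(xml_events):
    """Index process-creation events by ProcessGuid, link parent/child, group by LogonGuid.
    Any non-process event (e.g. EventID 3) is attached to the process whose ProcessGuid it carries."""
    procs = {}                      # ProcessGuid -> EventID 1 record
    children = defaultdict(list)    # ParentProcessGuid -> [ProcessGuid]
    sessions = defaultdict(list)    # LogonGuid -> [ProcessGuid], in arrival order
    activity = defaultdict(list)    # ProcessGuid -> [other event records]
    for rec in map(parse_event, xml_events):
        if rec["EventID"] == 1:
            procs[rec["ProcessGuid"]] = rec
            children[rec["ParentProcessGuid"]].append(rec["ProcessGuid"])
            sessions[rec["LogonGuid"]].append(rec["ProcessGuid"])
        else:
            activity[rec["ProcessGuid"]].append(rec)
    return procs, children, sessions, activity

def ancestry(procs, guid):
    """Image names from the oldest ancestor we have an event for down to guid itself."""
    chain = []
    while guid in procs:
        chain.append(procs[guid]["Image"].rsplit("\\", 1)[-1])
        guid = procs[guid]["ParentProcessGuid"]
    return list(reversed(chain))

def session_report(xml_events):
    """Per LogonGuid: each process's full parent chain, with correlated network activity appended."""
    procs, _children, sessions, activity = correlate(xml_events)
    report = {}
    for logon, guids in sessions.items():
        lines = []
        for g in guids:
            line = " -> ".join(ancestry(procs, g))
            for ev in activity.get(g, []):
                if ev["EventID"] == 3:
                    line += f"  [net {ev['DestinationIp']}:{ev['DestinationPort']}]"
            lines.append(line)
        report[logon] = lines
    return report

if __name__ == "__main__":
    for logon, lines in session_report(SAMPLE_EVENTS).items():
        print(logon)
        for line in lines:
            print("  " + line)
```

Grouping by LogonGuid rather than by PID is what makes the output stable: PIDs are reused after a process exits, while Sysmon's ProcessGuid/LogonGuid are unique per process and per logon, so the Office-to-PowerShell chain and its outbound connection stay attributed to the right session even across a long log.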
Secrets of Successful Security Programs – Part 1
If you just do the first, then the success that those improvements bring tapers off, or is just a patchwork of bright spots amid a backdrop of issues and instability. If you just …
Blockchain + SSI = ID?
The current trend proclaims Self-Sovereign Identities (SSI) on blockchains / Distributed Ledger Technologies (DLT) for all German citizens, and in future even for all EU citizens. https://medium.com/@ckahlo/blockchain-ssi-id-d7e51d98d050
Microsoft 365 Licensing
Microsoft 365 Licensing, by Aaron Dinnage, June 2021. https://m365maps.com/
Antivirus Event Analysis Cheat Sheet v1.8.2
The analysis of Antivirus events can be a tedious task in big organizations with hundreds of events per day. Usually security teams fall back to a mode of operation in which they only analyze events …
Azure AD. Attack of the Default Config
Uncloaking dangerous and default configurations within Azure. There are several default configurations within the admin portal of Azure. The main affected area is Azure Active Directory (Azure AD) which is the primary area that controls …
Cobalt Strike, a Defender’s Guide
Intro The Ryuk threat actors went from a phishing email to domain wide ransomware in 5 hours. They escalated privileges using Zerologon (CVE-2020-1472), less than 2 hours after the initial … https://thedfirreport.com/2021/08/29/cobalt-strike-a-defenders-guide/