The second version of Game Of Active Directory is out! https://github.com/Orange-Cyberdefense/GOAD https://mayfly277.github.io/posts/GOADv2/
Pyramid – A Tool To Help Operate In EDRs’ Blind Spots
Pyramid is a set of Python scripts and module dependencies that can be used to evade EDRs. The main purpose of the tool is to perform offensive tasks by leveraging some Python evasion properties and …
Monitor hybrid security using Microsoft Defender for Cloud and Microsoft Sentinel
This reference architecture illustrates how to use Microsoft Defender for Cloud and Microsoft Sentinel to monitor the security configuration and telemetry of on-premises and Azure operating system workloads. This includes Azure Stack. Download a Visio …
MFASweep
MFASweep is a PowerShell script that attempts to log in to various Microsoft services using a provided set of credentials and will attempt to identify if MFA is enabled. https://github.com/dafthack/MFASweep
Florian Roth ⚡
ORKL Search Engine for Threat Intelligence Reports by @RobertHaist https://t.co/RDqh7l4Kl3 https://twitter.com/cyb3rops/status/1588189837995147265
Active Directory
Attacking & Securing Active Directory Table of Contents https://rmusser.net/docs/Active_Directory.html
Blocking ISO mounting
Recently I’ve been hearing about malware mounting ISOs as a method of bypassing AV and EDR. https://malicious.link/post/2022/blocking-iso-mounting/
AWS Security Maturity Model
AWS Security Maturity Model https://maturitymodel.security.aws.dev/en/model/
Sysmon Tools
Sysmon View helps in tracking and visualizing Sysmon logs by logically grouping and correlating the various Sysmon events together, using existing event data such as executable names, session GUIDs, event creation time, etc., the tool …
Secrets of Successful Security Programs – Part 1
If you just do the first then the success that those improvements bring tapers off or is just a patchwork of bright spots amid a backdrop of issues and instability. If you just …