The purpose of this guide is to view Active Directory from an attacker perspective. I will try to review different aspects of Active Directory and those terms that every pentester should control in order to …
BloodHound Cypher Cheatsheet
Bloodhound uses Neo4j, a graphing database, which uses the Cypher language. Cypher is a bit complex since it’s almost like programming with ASCII art. https://hausec.com/2019/09/09/bloodhound-cypher-cheatsheet/
Analysis of the 2021 Verizon Data Breach Report (DBIR)
Every year I like to look at Verizon’s DBIR report and see what kind of wisdom I can extract. This year they appear to have put in even more effort, so let’s get into it. …
Incident response playbooks
You need to respond quickly to detected security attacks to contain and remediate their damage. As new widespread cyberattacks happen, such as Solarigate and the Exchange Server vulnerability, Microsoft will respond with detailed incident response …
Mimikatz
It seems like many people on both sides of the fence, Red & Blue, aren’t familiar with most of Mimikatz’s capabilities, so I put together this information on all the available commands I could find. …
Mobile Security Framework (MobSF)
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. https://github.com/MobSF/Mobile-Security-Framework-MobSF
The Consumer Authentication Strength Maturity Model (CASMM)
This post is an attempt to create an easy-to-use security model for the average internet user. Basically, how secure is someone’s current behavior with respect to passwords and authentication, and how can they improve? People …
Enterprise access model
This document describes an overall enterprise access model that includes context of how a privileged access strategy fits in. For a roadmap on how to adopt a privileged access strategy, see the rapid modernization plan …
PowerShell Logging and Security
This tutorial aims to help you get PowerShell logs from your endpoints into your SIEM to protect you from modern PowerShell abuse. https://www.secjuice.com/enterprise-powershell-protection-logging/
Something new for getting past EDR – ScareCrow
ScareCrow is a payload creation framework for generating loaders for the use of side loading (not injection) into a legitimate Windows process (bypassing Application Whitelisting controls). https://github.com/optiv/ScareCrow