Clear-text passwords stored on a Windows host can allow penetration testers to perform lateral movement inside an internal network and eventually compromise it fully. Therefore in a sys…
Intro & Background In February of this year, I posted a proof-of-concept script called “PowerPath” which combined Will Schroeder’s PowerView, Justin Warner’s concept of derivative local admin…
Generally speaking, I'm more of a Cat type of guy, but I have to say I really love BloodHound. And if you do too, you are in for a treat... Last week, the ERNW Insight Active Directory Security Summit took place in Heidelberg. (More Info) For this occasion, @Enno_Insinuator asked me if I would like to deliver a BloodHound Workshop, and of course I accepted the challenge... We had a full ...
WTF, Bin?! This project aims to catalogue benign applications that exhibit suspicious behavior. These binaries can emit noise and false positives in threat hunting and automated detections. By cataloguing them here, the hope is to allow defenders to improve their detection rules and threat hunting queries.
GitHub - cyb3rfox/Aurora-Incident-Response: Incident Response Documentation made easy. Developed by Incident Responders for Incident Responders
MOF-tastic tricks or how to use MOF and PowerShell together
An extension of the last post, Embedding PowerShell into Office Documents, I will be demonstrating that by using Managed Object Format (MOF) and PowerShell, we can attempt a few tricks to leverag…
DLL Hijacking is a popular technique for executing malicious payloads. This post lists nearly 300 executables vulnerable to relative path DLL Hijacking on Windows 10 (1909), and shows how with a few lines of VBScript some of the DLL hijacks can be executed with elevated privileges, bypassing UAC.
APT & CyberCriminal Campaign Collection. Contribute to CyberMonitor/APT_CyberCriminal_Campagin_Collections development by creating an account on GitHub.
Appendix B - Incident Response Forms - Incident Response and Computer Forensics, 3rd Edition
The following files are part of Appendix B of Incident Response and Computer Forensics 3rd Edition: Form 1 – Evidence Tag (.doc) – v1.0 Form 2 – Evidence Inventory (.doc) – v1.0 Form 3 – Client System Description (.doc) – v1.0 Form 4 – Evidence …