Blue Team

Detecting Cobalt Strike

Detecting Cobalt Strikes via Named Pipes

Active Directory

Mitre T1558.003: Kerberoasting

Mitre ATT&CK technique T1558.003 or more commonly known as Kerberoasting, is a technique that allows a malicious actor to brute force Kerberos TGS(ticket-granting service) tickets offline.

Sysmon

T1055: Process Injection and Sysmon

In this post I will cover Miters Process Injection (T1055) and some ways that you can detect it and prove it's working

cve-2020-0601

CVE-2020-0601: Chain of Fools/Curve Ball

Having been asked to look into CVE-2020-0601 for work, I thought I'd share what I learned. What is it? It is a flaw in the way Microsoft was validating Elliptic

cuckoo

Setting up Cuckoo

Cuckoo is a sandbox for testing malware. Here, I cover how to set up cuckoo and analyze some malware.

Blue Team

Yara Basics

Learn the basics of Yara.

hacking

Vulcan Process Injection

Windows Process Injection with Vulcan. 🖖

aircrack-ng

WPA/WPA2 PMKID attack

Crack WPA2 via PMKID.

Windows

Getting System with PowerSploit

Quickly get system level privileges with PowerSploit.

aircrack-ng

Clientless WEP

How to crack WEP without clients.

aircrack-ng

Classic WEP Attack

How to hack WEP basic attack.

aircrack-ng

WEP Aircrack-ng and John the Ripper

How to crack WEP with John the Ripper and Aricrack-ng

hacking

Brute Force SSH

How to brute force SSH with Python and Paramiko.

sudo

Sudo Logging and Monitoring

How to log and monitor sudo.

Security

sudo logging

How to enable sudo logging for better security.

SSH

Securing SSH

How to secure ssh

Eternalblue-Doublepulsar

Eternalblue-Doublepulsar

How to install and use Eternalblue-Doublepulsar.

hacking

FuzzBunch

How to Install and use Fuzzbunch

DCSync

DCSync

How to run and detect DCSync.

Impacket

Impacket and Docker

How to create an Impacket Docker image.

Impacket

Golden Ticket With Impacket

How to create a Golden Ticket with Impacket