View Azure NSG Flow Logs In Powershell

Azure can be chatty at the best of time and NSG flow logs are no exception. With this large volume comes cost and ingesting them into your SIEM may add to the pocket. Because of this, I created a simple script to display the NSG logs in a standard format…..

Brute Force Web Logins

If you have a login page which is reachable over the internet, at some point it’s going to get attacked. The reason why is because it can be extremely easy for attackers to do so….

Active Directory Scripts

I’ve created a bunch of Active Directory scripts to help identify attack points or stale accounts. This can be used for both, Blue and Red team members as they dive into abusable privileges….

Phishing.web.core.windows.net

EvilGinx is a prime example of some of the amazing tools out there that came be used for Phishing. If you haven’t heard of it, EvilGinx was release a few years back and showed us a weak point in 2FA. For most back then, MFA was a sure way to thwart the bad guys and it make the system or user account “impenetrable”…..

Living Off The Land: Suspicious System32

The services below are some of the most commonly abused services for malicious parties to “live of the land”. Each are built into Windows and inherit trust by default. Because of this, security controls won’t ever be able to fully isolate them without affecting the operating system. For example, your endpoint protection can’t block command prompt and Powershell because engineers use them for automation tasks, nor can it block task scheduler or certuitl…….