CrowdStrike logo Github:https://github.com/securethelogs/Powershell/blob/master/CrowdStrike/CS-MalQuery.ps1 Since writing part 1 (Here), I’ve been looking into how to expand on the script. I had a thought... if I’m a user and have gotten to the point I’m running this script, I may need more information than if it's just there. This made me add the Hybrid-Analysis API and Actors... Continue Reading →
CrowdStrike logo Github: https://github.com/securethelogs/Powershell/blob/master/CrowdStrike/CS-MalQuery.ps1 The MalQuery API from CrowdStrike helps their customers validate if the protection is there for a certain IOCs. Nowadays, we are bombarded with IOCs and because there are so many, for some, skimming through and extracting what they can block is more efficient than reading them all. Sometimes it's good to... Continue Reading →
simulation. Running attack simulations internally is very important to build/improve security posture. C2 servers are very common in the wild so...
Data exfiltration is a concern for most organizations. Protecting your data from prying eyes is hard enough but keeping it on your network; now that’s a challenge. With technology continuing to advance, we are forever moving to cloud this and cloud that. Because we can’t live in a world with only using one company, our data is scattered around the web like nobodies business.
After the Facebook leak [BBC.co.uk] my phone has been getting smishing messages non stop. If I can help prevent one person from clicking that next link, it will be worth it.
Exnoscan is a simple bash script that can help you identify gaps. We often monitor what we know, so Exnoscan aims to identify what you don't.....
My first attempt at a logger was for short term. It became apparent quite quickly that this wouldn't be a long standing solution to avoid the log analytics costs......................
Azure can be chatty at the best of time and NSG flow logs are no exception. With this large volume comes cost and ingesting them into your SIEM may add to the pocket. Because of this, I created a simple script to display the NSG logs in a standard format.....
I've created a bunch of Active Directory scripts to help identify attack points or stale accounts. This can be used for both, Blue and Red team members as they dive into abusable privileges....
EvilGinx is a prime example of some of the amazing tools out there that came be used for Phishing. If you haven't heard of it, EvilGinx was release a few years back and showed us a weak point in 2FA. For most back then, MFA was a sure way to thwart the bad guys and it make the system or user account "impenetrable".....
The services below are some of the most commonly abused services for malicious parties to "live of the land". Each are built into Windows and inherit trust by default. Because of this, security controls won't ever be able to fully isolate them without affecting the operating system. For example, your endpoint protection can't block command prompt and Powershell because engineers use them for automation tasks, nor can it block task scheduler or certuitl.......
With malicious parties continuing to use Powershell as their way in, I thought I would look into how it's being used and what can be done to prevent it. This is something I've covered before, so think of this as a part 3............
securethelogs.com 