Blue Team – Securethelogs.com

Exnoscan

Posted by Securethelogson 12th Jan 202112th Jan 2021in Blue Team, Cyber Security, Red TeamLeave a comment

Exnoscan is a simple bash script that can help you identify gaps. We often monitor what we know, so Exnoscan aims to identify what you don't.....

Building an NSG logger

Posted by Securethelogson 23rd Oct 202023rd Oct 2020in Blue Team, Cyber Security, EnterpriseLeave a comment

My first attempt at a logger was for short term. It became apparent quite quickly that this wouldn't be a long standing solution to avoid the log analytics costs......................

View Azure NSG Flow Logs In Powershell

Posted by Securethelogson 17th Sep 2020in Blue Team, powershell5 Comments

Azure can be chatty at the best of time and NSG flow logs are no exception. With this large volume comes cost and ingesting them into your SIEM may add to the pocket. Because of this, I created a simple script to display the NSG logs in a standard format.....

Active Directory Scripts

Posted by Securethelogson 6th Jun 2020in Blue Team, powershellLeave a comment

I've created a bunch of Active Directory scripts to help identify attack points or stale accounts. This can be used for both, Blue and Red team members as they dive into abusable privileges....

Phishing.web.core.windows.net

Posted by Securethelogson 14th May 202014th May 2020in Blue Team, Cyber Security, Phishing, Red TeamLeave a comment

EvilGinx is a prime example of some of the amazing tools out there that came be used for Phishing. If you haven't heard of it, EvilGinx was release a few years back and showed us a weak point in 2FA. For most back then, MFA was a sure way to thwart the bad guys and it make the system or user account "impenetrable".....

Living Off The Land: Suspicious System32

Posted by Securethelogson 12th May 2020in Blue Team, Cyber Security, Red TeamLeave a comment

The services below are some of the most commonly abused services for malicious parties to "live of the land". Each are built into Windows and inherit trust by default. Because of this, security controls won't ever be able to fully isolate them without affecting the operating system. For example, your endpoint protection can't block command prompt and Powershell because engineers use them for automation tasks, nor can it block task scheduler or certuitl.......

Hacking With Powershell: Malware

Posted by Securethelogson 26th Apr 202026th Apr 2020in Blue Team, Cyber Security, powershell, Red Team1 Comment

With malicious parties continuing to use Powershell as their way in, I thought I would look into how it's being used and what can be done to prevent it. This is something I've covered before, so think of this as a part 3............

What’s This About Zoom?

Posted by Securethelogson 10th Apr 202013th Apr 2020in Blue Team, Cyber Security, EnterpriseLeave a comment

Zoom has helped millions stay in connect during these hard times and you can see why it was the preferred option. Other services such as Webex or Skype are just too clunky and in my opinion, the simplicity of Zoom was........

PSWatcher – Now Automated

Posted by Securethelogson 7th Apr 2020in Blue Team, Enterprise, GeneralLeave a comment

Read the article here: https://securethelogs.com/pswatcher-3/

Windows Defender: Why Check Your Exclusions

Posted by Securethelogson 29th Mar 202029th Mar 2020in Blue Team, Cyber Security, Red Team1 Comment

Windows Defender is integrated with Windows 10, so it's no wondering it's up there for the most popular Anti-virus solution. Once you login to your new Windows 10 machine, it's pretty much ready to go. The plus side is that Defender is a pretty solid AV and if you look at Gartner, they even rate them as the best......