CrowdStrike logo Github:https://github.com/securethelogs/Powershell/blob/master/CrowdStrike/CS-MalQuery.ps1 Since writing part 1 (Here), I’ve been looking into how to expand on the script. I had a thought... if I’m a user and have gotten to the point I’m running this script, I may need more information than if it's just there. This made me add the Hybrid-Analysis API and Actors... Continue Reading →
simulation. Running attack simulations internally is very important to build/improve security posture. C2 servers are very common in the wild so...
Data exfiltration is a concern for most organizations. Protecting your data from prying eyes is hard enough but keeping it on your network; now that’s a challenge. With technology continuing to advance, we are forever moving to cloud this and cloud that. Because we can’t live in a world with only using one company, our data is scattered around the web like nobodies business.
Unfortunately, in today’s world, it is not just Vladimir Putin running Windows XP. Many continue to run the risk of keeping legacy systems within their production environment. I imagine for most; this has run through some sort of internal process where the risk has been accepted. If you yourself work within IT, it would be... Continue Reading →
If you have a login page which is reachable over the internet, at some point it's going to get attacked. The reason why is because it can be extremely easy for attackers to do so....
The services below are some of the most commonly abused services for malicious parties to "live of the land". Each are built into Windows and inherit trust by default. Because of this, security controls won't ever be able to fully isolate them without affecting the operating system. For example, your endpoint protection can't block command prompt and Powershell because engineers use them for automation tasks, nor can it block task scheduler or certuitl.......
As the pandemic continues, we are all looking for the latest information or data in order to keep ourselves and our family’s safe. You would have most likely seen an increase in emails from all the companies you associate with, giving you an update on what they are doing during this crisis.....
Security professionals have been trying to flag the risks of public facing RDP for years. Despite all the news articles and tweets, the volume of public RDP remains high.....
PowerShell brings automation and automation can be key to running an environment. The problem is, if it isn’t controlled, “automation” can be used against you......
Malicious parties might chose to encode their commands or scripts. The reason why is that if your auditing isn't up to scratch, it may go unseen. In some cases it can also help bypass the AV....
Password Managers are brilliant! They allow users to create and use complex passwords because they give us a nice secure place to store them. Using Password managers also can also prevent users from writing them down or reusing passwords, which is a huge deterrent against hackers looking to compromise your accounts. It's a win, win....or... Continue Reading →
Read the article here: https://securethelogs.com/hacking-with-powershell-red-team/
securethelogs.com 