My first attempt at a logger was a short-term one. It became apparent quite quickly that this wouldn't be a long-standing solution for avoiding the Log Analytics costs…
Azure can be chatty at the best of times, and NSG flow logs are no exception. With this large volume comes cost, and ingesting them into your SIEM may add to the bill. Because of this, I created a simple script to display the NSG logs in a standard format…
I've created a bunch of Active Directory scripts to help identify attack points or stale accounts. These can be used by both Blue and Red team members as they dive into abusable privileges…
The services below are some of the most commonly abused by malicious parties to "live off the land". Each is built into Windows and inherits trust by default. Because of this, security controls won't ever be able to fully isolate them without affecting the operating system. For example, your endpoint protection can't block Command Prompt and PowerShell because engineers use them for automation tasks, nor can it block Task Scheduler or certutil…
With malicious parties continuing to use PowerShell as their way in, I thought I would look into how it's being used and what can be done to prevent it. This is something I've covered before, so think of this as part 3…
Read the article here: https://securethelogs.com/pswatcher-3/
The security of Active Directory will always be a hot topic. AD contains all your identities and structure and isn't something you want just anyone accessing. In traditional models, a common threat was that your users could query AD using net /domain commands…
PowerShell brings automation, and automation can be key to running an environment. The problem is that if it isn't controlled, "automation" can be used against you…
Malicious parties might choose to encode their commands or scripts. The reason is that if your auditing isn't up to scratch, it may go unseen. In some cases it can also help bypass the AV…
Password Managers are brilliant! They allow users to create and use complex passwords because they give us a nice secure…