Disclaimer

Views: 84Use of this blog means agreement to the following terms: 1. Information provided on this blog are for educational purposes only. The site is no way responsible for any misuse of the information. 2. This blog is all about Cyber Security covering both Offensive and Defensive security principles and technologies. 3. This blog is totally meant for … Read more

Hunting the hunters: Mastering DFIR with Velociraptor (PART-II)

This entry is part 14 of 4 in the series Digital Forensics and Incident Response

Views: 1We have covered the deployment of Velociraptor Server and Client components in the first part of this series. Please read it here, if you want. This part of the seies will walkthrough the capabilitie and features of Velociraptor. Exploring the Clients from the Server GUI Searching for Clients The option “Show All” displays all … Read more

Hunting the hunters: Mastering DFIR with Velociraptor (PART-I)

This entry is part 13 of 4 in the series Digital Forensics and Incident Response

Views: 9Introduction In the ever-evolving world of Digital Forensics and Incident Response (DFIR), having a powerful tool at your disposal is essential. Velociraptor stands out as an advanced, open-source endpoint monitoring, digital forensics, and cyber response platform. Developed by DFIR professionals, it empowers teams to hunt for specific artifacts and monitor activity across a fleet … Read more

Caldera: Simulating a Complete Attack Chain

This entry is part 10 of 12 in the series Red Team Engagements

Views: 17Attack Simulation In this blog post, we will explain the options to customise the Caldera framework and emulate an attack chain that traverses from Initial Access to Achieving the Objective. Before continuing further, please refer this article which details the procedure to setup Caldera on ParrotOS. For this scenario, we will emulate the following … Read more

Installing Caldera on ParrotOS: A Smoother Experience Compared to Ubuntu and Kali Linux

This entry is part 9 of 12 in the series Red Team Engagements

Views: 7Introduction MITRE Caldera is a powerful adversary emulation platform used for cybersecurity testing and red teaming. However, recent attempts to install Caldera on Ubuntu and Kali Linux have been met with issues—primarily due to the newer Python 3.13 versions. In contrast, installing Caldera on ParrotOS 6.3 (Lorikeet) has been a flawless experience. This blog … Read more

Vulnerability Management: FARADAY

This entry is part 2 of 4 in the series Governance Risk Compliance

Views: 18Faraday: Open Source Vulnerability Manager Faraday is a powerful open-source vulnerability management platform designed to help cybersecurity teams streamline their pentesting, vulnerability assessment, and remediation processes. Built with a collaborative and automation-driven approach, Faraday enables security professionals to efficiently collect, analyze, and manage security findings from various tools in a centralized environment. With support … Read more

Atomic Red Team – A Framework for Threat Emulation: PART II

This entry is part 8 of 12 in the series Red Team Engagements

Views: 10This is the PART II article in the Atomic RED series. Please follow this link to read PART I of the series. Listing Atomic Techniques We can use the parameters – ShowDetailsBrief and ShowDetails that provide the details inside an Atomic file.  The output shows that ShowDetailsBrief lists the available tests in the specified Atomic and its corresponding Atomic … Read more

Atomic Red Team – A Framework for Threat Emulation: PART I

This entry is part 7 of 12 in the series Red Team Engagements

Views: 9Overview What is Atomic Red Atomic Red Team is an open-source framework designed for security testing and threat emulation. It allows security professionals to simulate real-world cyberattacks and assess the effectiveness of security controls and incident response processes. Supported Platforms Atomic Red Team can be used across multiple platforms: Platform Type Supported Platforms Operating … Read more

Data Manipulation in Splunk: PART II

This entry is part 10 of 4 in the series Splunk 101

Views: 8Event Boundaries Event breaking in Splunk refers to breaking raw data into individual events based on specified boundaries. Splunk uses event-breaking rules to identify where one event ends, and the next begins. In the PART I of this series, we have created a TestApp which is placed at /opt/splunk/etc/apps/TestApp/. Please follow this link to read the PART I article. … Read more

Data Manipulation in Splunk: PART I

This entry is part 9 of 4 in the series Splunk 101

Views: 10Splunk Log Parsing and Transformation Configuration Splunk needs to be properly configured to parse and transform the logs appropriately. Some of the issues being highlighted are: Splunk Data Parsing Guide Data parsing in Splunk involves extracting relevant fields and transforming the data into a structured format for efficient analysis. Step 1: Understand the Data … Read more

Regular Expressions

This entry is part 8 of 4 in the series Splunk 101

Views: 5Regular Expressions: Charsets Searching for Specific Strings Charsets in Regex Using Ranges Matching and Excluding Patterns Important Notes Regular Expressions: Wildcards and Optional Characters Wildcard Matching (. Dot) Optional Characters (? Question Mark) Matching a Literal Dot (\.) Regular Expressions: Line Anchors and Grouping Line Anchors Important Note: Grouping and Either/Or (|) Repeating Groups