Powered By TEKGENX CONSULTING
Views: 11There are two main techniques used in Traffic Analysis: Flow Analysis Packet Analysis Collecting data/evidence from the networking devices. This type of analysis aims to provide statistical results through the data summary without applying in-depth packet-level investigation.Advantage: Easy to collect and analyse.Challenge: Doesn’t provide full packet details to get the root cause of a case. Collecting … Read more
Views: 14Where to find the passwords/hashes Windows Linux unattend.xml shadow sysprep.inf shadow.bak SAM password Types of Password Attacks Dictionary attack Brute force Traffic interception Man In the Middle Key Logging Social engineering
Views: 12Kerberos Authentication krbtgt account -→ KDC Service Account Ticket Details Authorization Data is Microsoft addition to Kerberos; can be manipulated to modify Group membership..etc and launch attacks. Domian Policy about Kerberos settings (default): The Authentication Service (AS) exchange ([RFC4120] section 3.1):<1> The Ticket-Granting Service (TGS) exchange ([RFC4120] section 3.3): The Client/Server Authentication Protocol (AP) exchange ([RFC4120] section … Read more
Views: 63up-to-date version of PowerView: New function naming schema: Verbs: Get : retrieve full raw data sets Find : ‘find’ specific data entries in a data set Add : add a new object to a destination Set : modify a given object Invoke : lazy catch-all Nouns: Verb-Domain* : indicates that LDAP/.NET querying methods are … Read more
Views: 21Kerberos Kerberos is the default authentication service for Microsoft Windows domains. It is intended to be more “secure” than NTLM by using third party ticket authorization as well as stronger encryption. Even though NTLM has a lot more attack vectors to choose from Kerberos still has a handful of underlying vulnerabilities just like NTLM … Read more
Views: 43OpenVPN complaining of depreciated ciphers ERROR: failed to negotiate cipher with server. Add the server’s cipher (‘AES-256-CBC’) to –data-ciphers (currently ‘AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305’) if you want to connect to this server. Fix:
Views: 12Introduction to Log Management Logs are a record of events within a system. These records provide a detailed account of what a system has been doing, capturing a wide range of events such as user logins, file accesses, system errors, network connections, and changes to data or system configurations. While the specific details may … Read more
Views: 12Asset Management (ID.AM): The data, personnel, devices, systems, and facilities that enable the organization to achieve business purposes are identified and managed consistent with their relative importance to business objectives and the organization’s risk strategy.
Views: 27NIST Functions Framework Core The Core consists of three parts: Functions, Categories, and Subcategories. The Core includes five high level functions: Identify, Protect, Detect, Respond, and Recover. These 5 functions are not only applicable to cybersecurity risk management, but also to risk management at large. The next level down is the 23 Categories that are split … Read more