Month: January 2024
AD Fundamentals
Ransomware operators have been increasingly targeting Active Directory as a key part of their attack paths. The Conti ransomware, which has been used in more than 400 attacks around the world, has been shown to leverage recent critical Active Directory flaws such as PrintNightmare (CVE-2021-34527) and Zerologon (CVE-2020-1472) to escalate privileges and move laterally in a target network.
Breaching AD
Active Directory (AD) is used by approximately 90% of the Global Fortune 1000 companies. If an organisation’s estate uses Microsoft Windows, you are almost guaranteed to find AD. Microsoft AD is the dominant suite used to manage Windows domain networks. However, since AD is used for Identity and Access Management of the entire estate, …
Cyber Kill Chain
Cyber Kill Chain official page: https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html Cyber Kill Chain is a framework created by Lockheed Martin in 2011 and used to model attacks. Within this framework, attacker behaviors and the whole cyber attack process consist of 7 steps that follow one another. Cyber Kill Chain is important for the SOC analyst to …
Splunk SPL 101