Powered By TEKGENX CONSULTING
Bharath Narayanasamy Views: 24Use case 1: Failed Logon Attempts (Disabled Users) Use case 2: Failed Logon Attempts (using Admin Accounts) Use case 3: Successful RDP Logon Related To Service Accounts Use case 4: Users Added Or Removed From A Local Group
Views: 17How To Build SIEM Use Cases Example SIEM Use cases Use case 1: Microsoft Build Engine Started By An Office Application A practical example using the Elastic stack as a SIEM solution to help understand how to map each of the use case points listed above. MSBuild, part of the Microsoft Build Engine, is … Read more
Views: 19“The pattern matching swiss knife for malware researchers (and everyone else)” YARA in a nutshell YARA is a tool aimed at (but not limited to) helping malware researchers to identify and classify malware samples. With YARA we can create descriptions of malware families (or whatever you want to describe) based on textual or binary … Read more
Views: 25Intrusion Detection System (IDS) IDS is a passive monitoring solution for detecting possible malicious activities/patterns, abnormal incidents, and policy violations. It is responsible for generating alerts for each suspicious event. There are two main types of IDS systems;
Views: 10There are two main techniques used in Traffic Analysis: Flow Analysis Packet Analysis Collecting data/evidence from the networking devices. This type of analysis aims to provide statistical results through the data summary without applying in-depth packet-level investigation.Advantage: Easy to collect and analyse.Challenge: Doesn’t provide full packet details to get the root cause of a case. Collecting … Read more
Views: 8Where to find the passwords/hashes Windows Linux unattend.xml shadow sysprep.inf shadow.bak SAM password Types of Password Attacks Dictionary attack Brute force Traffic interception Man In the Middle Key Logging Social engineering
Views: 11Kerberos Authentication krbtgt account -→ KDC Service Account Ticket Details Authorization Data is Microsoft addition to Kerberos; can be manipulated to modify Group membership..etc and launch attacks. Domian Policy about Kerberos settings (default): The Authentication Service (AS) exchange ([RFC4120] section 3.1):<1> The Ticket-Granting Service (TGS) exchange ([RFC4120] section 3.3): The Client/Server Authentication Protocol (AP) exchange ([RFC4120] section … Read more
Views: 18up-to-date version of PowerView: New function naming schema: Verbs: Get : retrieve full raw data sets Find : ‘find’ specific data entries in a data set Add : add a new object to a destination Set : modify a given object Invoke : lazy catch-all Nouns: Verb-Domain* : indicates that LDAP/.NET querying methods are … Read more
Views: 19Kerberos Kerberos is the default authentication service for Microsoft Windows domains. It is intended to be more “secure” than NTLM by using third party ticket authorization as well as stronger encryption. Even though NTLM has a lot more attack vectors to choose from Kerberos still has a handful of underlying vulnerabilities just like NTLM … Read more
Views: 28OpenVPN complaining of depreciated ciphers ERROR: failed to negotiate cipher with server. Add the server’s cipher (‘AES-256-CBC’) to –data-ciphers (currently ‘AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305’) if you want to connect to this server. Fix: