Installing OpenBAS: The OpenSource Breach and Attack Simulation

This entry is part 12 of 19 in the series Red Team Engagements

Introduction: In today’s rapidly evolving cybersecurity landscape, organizations need robust tools to test their security posture and validate their defenses. OpenBAS (Open Breach and Attack Simulation) is a powerful open-source platform that enables security teams to conduct comprehensive security exercises, simulate realistic attack scenarios, and assess organizational resilience against cyber threats. This guide …

Metasploit Framework (MSFconsole) Cheatsheet

This entry is part 13 of 19 in the series Red Team Engagements

Disclaimer: This post is created solely for educational and research purposes. The techniques, tools, and concepts discussed are intended to enhance cybersecurity awareness and skills by demonstrating how offensive security testing works. Unauthorized access to computer systems is a criminal offense and subject to severe penalties. Always practice these techniques in a controlled lab …

OpenCTI – Open Source Threat Intelligence Platform: PART I

This entry is part 21 of 27 in the series Threat Detection Engineering

OpenCTI (Open Cyber Threat Intelligence Platform) is a powerful open-source solution designed to help security teams collect, store, organize, and visualize threat intelligence in a structured way. Whether you’re a SOC analyst, threat hunter, or security researcher, OpenCTI provides a unified environment to centralize CTI data, correlate intelligence from multiple sources, and share it …

Windows Security Log Quick Reference

This entry is part 20 of 27 in the series Threat Detection Engineering

🛡️ For Cybersecurity Defensive Operations and IR/Threat Hunting. Sections: 🔐 Authentication Events; 🗝️ Account Management Events; 📂 Object Access Events (✅ Note: requires enabling object auditing via GPO and SACLs); 🧰 Privilege Use and Logon Types (PRO Tip: use Logon Type together with Event 4624/4625 to spot RDP logins, scheduled tasks, or lateral movement attempts); ⚙️ …

SIEM: Onboarding Windows Servers

This entry is part 19 of 27 in the series Threat Detection Engineering

When integrating Windows servers into your Security Information and Event Management (SIEM) platform, selecting the right log sources is crucial for effective threat detection while maintaining optimal system performance. This comprehensive guide outlines the essential Windows event logs to collect, explains their security significance, and provides a ready-to-deploy PowerShell script for configuration.

Command & Control Mastery with Covenant C2: PART-I

This entry is part 11 of 19 in the series Red Team Engagements

In the realm of cybersecurity, especially within red teaming and penetration testing, Command and Control (C2) frameworks are pivotal. They facilitate the management of compromised systems, enabling operators to execute commands, maintain persistence, and exfiltrate data. Among the various C2 frameworks available, Covenant C2 stands out due to its unique features and capabilities. 🔍 …

Active Directory Enumeration with PowerView

This entry is part 5 of 6 in the series Attack and Defend Active Directory

Complete Active Directory Enumeration Using PowerView. PowerView is a powerful PowerShell tool designed to perform detailed enumeration of Active Directory (AD) environments. It is widely used by penetration testers, red teamers, and security professionals to gather domain-related information, find privilege escalation paths, and map AD trust relationships. Below is a complete list of PowerView …

TryHackMe: PyRAT

This entry is part 2 of 4 in the series TryHackMe

Pyrat is an easy-rated TryHackMe machine that simulates a Python RAT running on an open socket. The challenge involves leaking a GitHub account to gain access to the PyRat source code, which helps in understanding how the RAT operates and in gaining root access. Room Description; Enumeration; Nmap Enumeration; Nmap Results: Looking at the results, we got 2 ports open, 22 and 8000. Also …

Install Docker on ParrotOS

Docker Setup on ParrotOS 6.3. In this tutorial, we’ll walk you through a foolproof, up-to-date method for getting Docker up and running on the latest release of Parrot OS (March 2025). Because there’s no official release from Parrot OS (cmiiw), you need to install it based on the Debian release. Step 1: Remove any incorrect Docker repository. Step 2: Add Docker’s official …

Hunting the hunters: DFIR with Velociraptor (PART-II)

This entry is part 14 of 4 in the series Digital Forensics and Incident Response

We covered the deployment of the Velociraptor Server and Client components in the first part of this series. You can read it here if you’re interested. This part of the series will walk you through the capabilities and features of Velociraptor. Exploring the Clients from the Server GUI; Searching for Clients: The option “Show All” …