SIEM: Onboarding Windows Servers

This entry is part 19 of 24 in the series Threat Detection Engineering

When integrating Windows servers into your Security Information and Event Management (SIEM) platform, selecting the right log sources is crucial: collect too little and detections have nothing to match on, collect too much and you pay in ingestion cost and host overhead. This guide outlines the essential Windows event logs to collect, explains why each matters for detection, and provides a ready-to-deploy PowerShell script for configuring them.
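As an added illustration of the onboarding check described above (this is not the post's own script), the following PowerShell audits the state of a set of log channels a SIEM integration commonly depends on, enables any that are off with a capped size, and confirms that process-creation auditing with command-line capture is switched on. The channel list, the 256 MB cap and the thresholds are assumptions chosen for this example, not values taken from the post; run it in an elevated shell on a test server first.

```powershell
# Added example: audit and fix the Windows log channels a SIEM onboarding typically needs.
# Channel list and size cap are assumptions for this example, not taken from the post.
$channels = @(
    'Security',
    'System',
    'Application',
    'Microsoft-Windows-PowerShell/Operational',          # script block logging (4104)
    'Microsoft-Windows-TaskScheduler/Operational',       # scheduled-task persistence
    'Microsoft-Windows-Windows Defender/Operational',    # AV detections
    'Microsoft-Windows-Sysmon/Operational'               # only present if Sysmon is installed
)
$maxBytes = 256MB   # assumed cap: large enough to survive a weekend, small enough not to fill disks

function Get-ChannelState {
    param([string[]]$Names)
    foreach ($name in $Names) {
        $log = Get-WinEvent -ListLog $name -ErrorAction SilentlyContinue
        if (-not $log) {
            Write-Warning "Channel not present: $name (provider not installed on this host)"
            continue
        }
        [pscustomobject]@{
            Channel   = $name
            Enabled   = $log.IsEnabled
            MaxSizeMB = [math]::Round($log.MaximumSizeInBytes / 1MB)
            Records   = $log.RecordCount
        }
    }
}

function Enable-ChannelIfNeeded {
    param([string]$Name, [long]$MaxBytes)
    $log = Get-WinEvent -ListLog $Name -ErrorAction SilentlyContinue
    if (-not $log) { return }
    if (-not $log.IsEnabled -or $log.MaximumSizeInBytes -lt $MaxBytes) {
        # wevtutil set-log is the supported way to flip channel state and size
        & wevtutil.exe sl "$Name" /e:true /ms:$MaxBytes
        Write-Host "Enabled $Name with max size $([math]::Round($MaxBytes / 1MB)) MB"
    }
}

# 1. Report the current state
Get-ChannelState -Names $channels | Format-Table -AutoSize

# 2. Enable what is missing
foreach ($c in $channels) { Enable-ChannelIfNeeded -Name $c -MaxBytes $maxBytes }

# 3. Process creation (event 4688) is only useful with the command line included
& auditpol.exe /set /subcategory:"Process Creation" /success:enable /failure:enable
$auditKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit'
if (-not (Test-Path $auditKey)) { New-Item -Path $auditKey -Force | Out-Null }
New-ItemProperty -Path $auditKey -Name 'ProcessCreationIncludeCmdLine_Enabled' `
    -PropertyType DWord -Value 1 -Force | Out-Null

# 4. Show the resulting audit policy for the categories the SIEM will rely on
& auditpol.exe /get /category:"Logon/Logoff","Account Logon","Detailed Tracking","Object Access"
```

Settings pushed through Group Policy will overwrite what this script sets at the next refresh, so on domain-joined servers apply the same values in the GPO rather than relying on the local change.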

Command & Control Mastery with Covenant C2: PART-I

This entry is part 11 of 17 in the series Red Team Engagements

In red teaming and penetration testing, Command and Control (C2) frameworks are pivotal. They manage compromised systems, enabling operators to execute commands, maintain persistence, and exfiltrate data. Among the available C2 frameworks, Covenant C2 stands out for its features and capabilities. …

Active Directory Enumeration with PowerView

This entry is part 5 of 6 in the series Attack and Defend Active Directory

Complete Active Directory Enumeration Using PowerView. PowerView is a PowerShell tool for detailed enumeration of Active Directory (AD) environments. It is widely used by penetration testers, red teamers, and security professionals to gather domain information, find privilege escalation paths, and map AD trust relationships. Below is a complete list of PowerView …
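As an added example of the enumeration pass the post describes (not the post's own list, and not PowerView code itself), the block below dot-sources PowerView and collects the findings an operator usually wants first: domain and DC details, Kerberoastable and AS-REP-roastable accounts, Domain Admins membership, trusts, and hosts with unconstrained delegation. It assumes PowerView.ps1 is already on disk at `.\PowerView.ps1` and that the session runs as a domain user; the output path is an assumption too.

```powershell
# Added example: a first-pass AD enumeration using PowerView's cmdlets.
# Assumes PowerView.ps1 is in the current directory and the shell runs in domain context.
. .\PowerView.ps1

$out = ".\ad-enum-$(Get-Date -Format yyyyMMdd-HHmm)"   # assumed output folder
New-Item -ItemType Directory -Path $out -Force | Out-Null

# Domain and controllers
Get-Domain | Tee-Object -FilePath "$out\domain.txt"
Get-DomainController | Select-Object Name, IPAddress, OSVersion |
    Tee-Object -FilePath "$out\dcs.txt"

# Kerberoastable accounts: user objects with an SPN set
Get-DomainUser -SPN | Select-Object samaccountname, serviceprincipalname, pwdlastset |
    Tee-Object -FilePath "$out\spn-users.txt"

# AS-REP roastable accounts: pre-authentication not required
Get-DomainUser -PreauthNotRequired | Select-Object samaccountname, lastlogon |
    Tee-Object -FilePath "$out\asrep-users.txt"

# Who actually holds Domain Admins, resolving nested groups
Get-DomainGroupMember -Identity 'Domain Admins' -Recurse |
    Select-Object MemberName, MemberObjectClass |
    Tee-Object -FilePath "$out\domain-admins.txt"

# Trust relationships, the starting point for cross-domain paths
Get-DomainTrust | Tee-Object -FilePath "$out\trusts.txt"

# Computers with unconstrained delegation (excluding DCs is left to the analyst)
Get-DomainComputer -Unconstrained | Select-Object dnshostname, operatingsystem |
    Tee-Object -FilePath "$out\unconstrained.txt"

# Find-LocalAdminAccess touches every reachable host over SMB and is loud; run it last
# and only when the engagement rules allow that level of noise.
# Find-LocalAdminAccess | Tee-Object -FilePath "$out\local-admin.txt"
```

Everything above except the commented-out `Find-LocalAdminAccess` is LDAP queries against a domain controller, which blends into normal traffic far better than touching each workstation; that ordering is the difference between a quiet first pass and an early detection.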

TryHackMe: PyRAT

This entry is part 2 of 4 in the series TryHackMe

Pyrat is an easy-rated TryHackMe machine that simulates a Python RAT listening on an open socket. The challenge involves leaking a GitHub account to obtain the PyRat source code, which helps in understanding how the RAT operates and in gaining root access. Room Description. Enumeration: Nmap Enumeration, Nmap Results. Looking at the results we have 2 ports open, 22 and 8000. Also …

Install Docker on ParrotOS

Docker Setup on ParrotOS 6.3. In this tutorial, we walk through an up-to-date method for getting Docker running on the latest release of Parrot OS (March 2025). Because there is no official Docker release for Parrot OS (correct me if I'm wrong), you need to install it from the Debian packages. Step 1: Remove any Incorrect Docker Repository. Step 2: Add Docker's Official …

Hunting the hunters: DFIR with Velociraptor (PART-II)

This entry is part 14 of 4 in the series Digital Forensics and Incident Response

We covered the deployment of the Velociraptor Server and Client components in the first part of this series; you can read it here if you are interested. This part walks you through the capabilities and features of Velociraptor. Exploring the Clients from the Server GUI. Searching for Clients: the option "Show All" …

Hunting the hunters: DFIR with Velociraptor (PART-I)

This entry is part 13 of 4 in the series Digital Forensics and Incident Response

Introduction. In Digital Forensics and Incident Response (DFIR), having a capable tool at your disposal is essential. Velociraptor is an advanced, open-source endpoint monitoring, digital forensics, and cyber response platform. Developed by DFIR professionals, it lets teams hunt for specific artifacts and monitor activity across a fleet …

Caldera: Simulating a Complete Attack Chain

This entry is part 10 of 17 in the series Red Team Engagements

Attack Simulation. In this blog post, we explain the options to customise the Caldera framework and emulate an attack chain that runs from Initial Access to Achieving the Objective. Before continuing, please refer to this article, which details the procedure to set up Caldera on ParrotOS. For this scenario, we emulate the following …

Installing Caldera on ParrotOS: A Smoother Experience Compared to Ubuntu and Kali Linux

This entry is part 9 of 17 in the series Red Team Engagements

Introduction. MITRE Caldera is an adversary emulation platform used for cybersecurity testing and red teaming. However, recent attempts to install Caldera on Ubuntu and Kali Linux have run into issues, primarily due to the newer Python 3.13 releases. In contrast, installing Caldera on ParrotOS 6.3 (Lorikeet) has been a flawless experience. This blog …

Vulnerability Management: FARADAY

This entry is part 2 of 4 in the series Governance Risk Compliance

Faraday: Open Source Vulnerability Manager. Faraday is an open-source vulnerability management platform designed to help security teams streamline their pentesting, vulnerability assessment, and remediation processes. Built around collaboration and automation, Faraday lets security professionals collect, analyze, and manage findings from various tools in a centralized environment. With support …