Powered By TEKGENX CONSULTING
Views: 25Source: Tryhackme Networkminer room Introduction to Network Forensics Network Forensics is a specific subdomain of the Forensics domain, and it focuses on network traffic investigation. Network Forensics discipline covers the work done to access information transmitted by listening and investigating live and recorded traffic, gathering evidence/artefacts and understanding potential problems. The investigation tries to … Read more
Views: 8
Views: 41TShark VS. Wireshark (Terminal vs. GUI) TShark is a purpose-built terminal tool based on Wireshark. TShark shares many of the same features that are included in Wireshark and even shares syntax and options. TShark is perfect for use on machines with little or no desktop environment and can easily pass the capture information it … Read more
Views: 19Locate tcpdump Install TCPdump Tcpdump Version Validation TCPDump will resolve IPs to hostnames by default. Traffic Captures with Tcpdump Basic Capture Options Switch Command Result D Will display any interfaces available to capture from. i Selects an interface to capture from. ex. -i eth0 n Do not resolve hostnames. nn Do not resolve hostnames … Read more
Views: 32Use case 1: Failed Logon Attempts (Disabled Users) Use case 2: Failed Logon Attempts (using Admin Accounts) Use case 3: Successful RDP Logon Related To Service Accounts Use case 4: Users Added Or Removed From A Local Group
Views: 27How To Build SIEM Use Cases Example SIEM Use cases Use case 1: Microsoft Build Engine Started By An Office Application A practical example using the Elastic stack as a SIEM solution to help understand how to map each of the use case points listed above. MSBuild, part of the Microsoft Build Engine, is … Read more
Views: 17There are two main techniques used in Traffic Analysis: Flow Analysis Packet Analysis Collecting data/evidence from the networking devices. This type of analysis aims to provide statistical results through the data summary without applying in-depth packet-level investigation.Advantage: Easy to collect and analyse.Challenge: Doesn’t provide full packet details to get the root cause of a case. Collecting … Read more
Views: 14Where to find the passwords/hashes Windows Linux unattend.xml shadow sysprep.inf shadow.bak SAM password Types of Password Attacks Dictionary attack Brute force Traffic interception Man In the Middle Key Logging Social engineering
Views: 24Kerberos Authentication krbtgt account -→ KDC Service Account Ticket Details Authorization Data is Microsoft addition to Kerberos; can be manipulated to modify Group membership..etc and launch attacks. Domian Policy about Kerberos settings (default): The Authentication Service (AS) exchange ([RFC4120] section 3.1):<1> The Ticket-Granting Service (TGS) exchange ([RFC4120] section 3.3): The Client/Server Authentication Protocol (AP) exchange ([RFC4120] section … Read more
Views: 589up-to-date version of PowerView: New function naming schema: Verbs: Get : retrieve full raw data sets Find : ‘find’ specific data entries in a data set Add : add a new object to a destination Set : modify a given object Invoke : lazy catch-all Nouns: Verb-Domain* : indicates that LDAP/.NET querying methods are … Read more