NetwerkLABS

Elastic SIEM: Developing Dashboards & Visualization

Use case 1: Failed Logon Attempts (Disabled Users) https://youtu.be/7Uyqek-FdwI Use case 2: Failed Logon Attempts (using Admin Accounts) https://youtu.be/UGRmsoqk0EM Use case 3: Successful RDP Logon Related To Service Accounts https://youtu.be/eRjA6TpEryk Use case 4: Users Added Or…

Bharath Narayanasamy SIEM, Elastic, Threat_hunting

Elastic SIEM BLUE TEAM DETECT

SIEM Use cases

How To Build SIEM Use Cases Comprehend your needs, risks, and establish alerts for monitoring all necessary systems accordingly. Determine the priority and impact, then map the alert to the kill chain or MITRE framework. Establish…

Bharath Narayanasamy Usecase, SIEM, Elastic

Traffic Analysis

Traffic Analysis Essentials

There are two main techniques used in Traffic Analysis: Flow AnalysisPacket AnalysisCollecting data/evidence from the networking devices. This type of analysis aims to provide statistical results through the data summary without applying in-depth packet-level investigation.Advantage: Easy to…

Bharath Narayanasamy traffic

Brute Force Attacks

Login Brute Forcing

Where to find the passwords/hashes WindowsLinuxunattend.xmlshadowsysprep.infshadow.bakSAMpassword Types of Password Attacks Dictionary attackBrute forceTraffic interceptionMan In the MiddleKey LoggingSocial engineering

Bharath Narayanasamy hydra, brute-force, ncrack

Attacking Active Directory

Understanding Kerberos Authentication

Kerberos Authentication Referenceshttps://www.youtube.com/watch?v=snGeZlDQL2Q https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-kile/b4af186e-b2ff-43f9-b18e-eedb366abf13 krbtgt account -→ KDC Service Account Ticket Details Authorization Data is Microsoft addition to Kerberos; can be manipulated to modify Group membership..etc and launch attacks. Domian Policy about Kerberos settings (default): The…

Bharath Narayanasamy

Enumeration Attacking Active Directory

PowerView Cheat Sheet

up-to-date version of PowerView: https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1 New function naming schema: Verbs: Get : retrieve full raw data sets Find : ‘find’ specific data entries in a data set Add : add a new object to a destination…

Bharath Narayanasamy

Attacking Active Directory

Attacking Kerberos

Kerberos Kerberos is the default authentication service for Microsoft Windows domains. It is intended to be more "secure" than NTLM by using third party ticket authorization as well as stronger encryption. Even though NTLM has a…

Bharath Narayanasamy kerberos, AD attacks

Practical LABS

TryHackMe: OpenVPN Issues and Fixes

OpenVPN complaining of depreciated ciphers ERROR: failed to negotiate cipher with server. Add the server's cipher ('AES-256-CBC') to --data-ciphers (currently 'AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305') if you want to connect to this server. Fix: sed -i 's/cipher AES-256-CBC/data-ciphers AES-256-CBC/' *.ovpn

Bharath Narayanasamy

BLUE TEAM Intrusion Detection and Response

Log Management: Basics

Introduction to Log Management Logs are a record of events within a system. These records provide a detailed account of what a system has been doing, capturing a wide range of events such as user logins,…

Bharath Narayanasamy

NIST DETECT

NIST – DETECT: Categories and Subcategories

Bharath Narayanasamy