Powered By TEKGENX CONSULTING
Views: 118Introduction In the ever-evolving world of Digital Forensics and Incident Response (DFIR), having a powerful tool at your disposal is essential. Velociraptor stands out as an advanced, open-source endpoint monitoring, digital forensics, and cyber response platform. Developed by DFIR professionals, it empowers teams to hunt for specific artifacts and monitor activity across a fleet … Read more
Views: 108Attack Simulation In this blog post, we will explain the options to customise the Caldera framework and emulate an attack chain that traverses from Initial Access to Achieving the Objective. Before continuing further, please refer this article which details the procedure to setup Caldera on ParrotOS. For this scenario, we will emulate the following … Read more
Views: 53Introduction MITRE Caldera is a powerful adversary emulation platform used for cybersecurity testing and red teaming. However, recent attempts to install Caldera on Ubuntu and Kali Linux have been met with issues—primarily due to the newer Python 3.13 versions. In contrast, installing Caldera on ParrotOS 6.3 (Lorikeet) has been a flawless experience. This blog … Read more
Views: 174Faraday: Open Source Vulnerability Manager Faraday is a powerful open-source vulnerability management platform designed to help cybersecurity teams streamline their pentesting, vulnerability assessment, and remediation processes. Built with a collaborative and automation-driven approach, Faraday enables security professionals to efficiently collect, analyze, and manage security findings from various tools in a centralized environment. With support … Read more
Views: 42This is the PART II article in the Atomic RED series. Please follow this link to read PART I of the series. Listing Atomic Techniques We can use the parameters – ShowDetailsBrief and ShowDetails that provide the details inside an Atomic file. The output shows that ShowDetailsBrief lists the available tests in the specified Atomic and its corresponding Atomic … Read more
Views: 38Overview What is Atomic Red Atomic Red Team is an open-source framework designed for security testing and threat emulation. It allows security professionals to simulate real-world cyberattacks and assess the effectiveness of security controls and incident response processes. Supported Platforms Atomic Red Team can be used across multiple platforms: Platform Type Supported Platforms Operating … Read more
Views: 24Event Boundaries Event breaking in Splunk refers to breaking raw data into individual events based on specified boundaries. Splunk uses event-breaking rules to identify where one event ends, and the next begins. In the PART I of this series, we have created a TestApp which is placed at /opt/splunk/etc/apps/TestApp/. Please follow this link to read the PART I article. … Read more
Views: 34Splunk Log Parsing and Transformation Configuration Splunk needs to be properly configured to parse and transform the logs appropriately. Some of the issues being highlighted are: Splunk Data Parsing Guide Data parsing in Splunk involves extracting relevant fields and transforming the data into a structured format for efficient analysis. Step 1: Understand the Data … Read more
Views: 10Regular Expressions: Charsets Searching for Specific Strings Charsets in Regex Using Ranges Matching and Excluding Patterns Important Notes Regular Expressions: Wildcards and Optional Characters Wildcard Matching (. Dot) Optional Characters (? Question Mark) Matching a Literal Dot (\.) Regular Expressions: Line Anchors and Grouping Line Anchors Important Note: Grouping and Either/Or (|) Repeating Groups … Read more
Views: 29 Overview Users Machines Security Groups Security Group Description Domain Admins Full control over the domain. Server Operators Can manage Domain Controllers but not admin groups. Backup Operators Can access any file for backup purposes. Account Operators Can create/modify user accounts. Domain Users Includes all user accounts. Domain Computers Includes all machines in the … Read more