Hunting the hunters: DFIR with Velociraptor (PART-I)

This entry is part 13 of 4 in the series Digital Forensics and Incident Response

Views: 118Introduction In the ever-evolving world of Digital Forensics and Incident Response (DFIR), having a powerful tool at your disposal is essential. Velociraptor stands out as an advanced, open-source endpoint monitoring, digital forensics, and cyber response platform. Developed by DFIR professionals, it empowers teams to hunt for specific artifacts and monitor activity across a fleet … Read more

Caldera: Simulating a Complete Attack Chain

This entry is part 10 of 19 in the series Red Team Engagements

Views: 108Attack Simulation In this blog post, we will explain the options to customise the Caldera framework and emulate an attack chain that traverses from Initial Access to Achieving the Objective. Before continuing further, please refer this article which details the procedure to setup Caldera on ParrotOS. For this scenario, we will emulate the following … Read more

Installing Caldera on ParrotOS: A Smoother Experience Compared to Ubuntu and Kali Linux

This entry is part 9 of 19 in the series Red Team Engagements

Views: 53Introduction MITRE Caldera is a powerful adversary emulation platform used for cybersecurity testing and red teaming. However, recent attempts to install Caldera on Ubuntu and Kali Linux have been met with issues—primarily due to the newer Python 3.13 versions. In contrast, installing Caldera on ParrotOS 6.3 (Lorikeet) has been a flawless experience. This blog … Read more

Vulnerability Management: FARADAY

This entry is part 2 of 4 in the series Governance Risk Compliance

Views: 174Faraday: Open Source Vulnerability Manager Faraday is a powerful open-source vulnerability management platform designed to help cybersecurity teams streamline their pentesting, vulnerability assessment, and remediation processes. Built with a collaborative and automation-driven approach, Faraday enables security professionals to efficiently collect, analyze, and manage security findings from various tools in a centralized environment. With support … Read more

Atomic Red Team – A Framework for Threat Emulation: PART II

This entry is part 8 of 19 in the series Red Team Engagements

Views: 42This is the PART II article in the Atomic RED series. Please follow this link to read PART I of the series. Listing Atomic Techniques We can use the parameters – ShowDetailsBrief and ShowDetails that provide the details inside an Atomic file.  The output shows that ShowDetailsBrief lists the available tests in the specified Atomic and its corresponding Atomic … Read more

Atomic Red Team – A Framework for Threat Emulation: PART I

This entry is part 7 of 19 in the series Red Team Engagements

Views: 38Overview What is Atomic Red Atomic Red Team is an open-source framework designed for security testing and threat emulation. It allows security professionals to simulate real-world cyberattacks and assess the effectiveness of security controls and incident response processes. Supported Platforms Atomic Red Team can be used across multiple platforms: Platform Type Supported Platforms Operating … Read more

Data Manipulation in Splunk: PART II

This entry is part 10 of 4 in the series Splunk 101

Views: 24Event Boundaries Event breaking in Splunk refers to breaking raw data into individual events based on specified boundaries. Splunk uses event-breaking rules to identify where one event ends, and the next begins. In the PART I of this series, we have created a TestApp which is placed at /opt/splunk/etc/apps/TestApp/. Please follow this link to read the PART I article. … Read more

Data Manipulation in Splunk: PART I

This entry is part 9 of 4 in the series Splunk 101

Views: 34Splunk Log Parsing and Transformation Configuration Splunk needs to be properly configured to parse and transform the logs appropriately. Some of the issues being highlighted are: Splunk Data Parsing Guide Data parsing in Splunk involves extracting relevant fields and transforming the data into a structured format for efficient analysis. Step 1: Understand the Data … Read more

Regular Expressions

This entry is part 8 of 4 in the series Splunk 101

Views: 10Regular Expressions: Charsets Searching for Specific Strings Charsets in Regex Using Ranges Matching and Excluding Patterns Important Notes Regular Expressions: Wildcards and Optional Characters Wildcard Matching (. Dot) Optional Characters (? Question Mark) Matching a Literal Dot (\.) Regular Expressions: Line Anchors and Grouping Line Anchors Important Note: Grouping and Either/Or (|) Repeating Groups … Read more

Active Directory Domain Service (AD DS)

This entry is part 4 of 6 in the series Attack and Defend Active Directory

Views: 29 Overview Users Machines Security Groups Security Group Description Domain Admins Full control over the domain. Server Operators Can manage Domain Controllers but not admin groups. Backup Operators Can access any file for backup purposes. Account Operators Can create/modify user accounts. Domain Users Includes all user accounts. Domain Computers Includes all machines in the … Read more