Understanding Kerberos Authentication

Kerberos authentication: krbtgt account → KDC service account. Ticket details: the authorization data (the PAC) is a Microsoft addition to Kerberos; it can be manipulated to alter group membership and similar claims and so launch attacks. Domain policy for Kerberos settings (defaults). The Authentication Service (AS) exchange ([RFC4120] section 3.1). The Ticket-Granting Service (TGS) exchange ([RFC4120] section 3.3). The Client/Server Authentication Protocol (AP) exchange ([RFC4120] section …

PowerView Cheat Sheet

Up-to-date version of PowerView. New function naming schema:
Verbs:
  Get: retrieve full raw data sets
  Find: "find" specific data entries in a data set
  Add: add a new object to a destination
  Set: modify a given object
  Invoke: lazy catch-all
Nouns:
  Verb-Domain*: indicates that LDAP/.NET querying methods are …

Attacking Kerberos

Kerberos: Kerberos is the default authentication service for Microsoft Windows domains. It is intended to be more "secure" than NTLM by using third-party ticket authorization (the KDC) as well as stronger encryption. Even though NTLM has far more attack vectors to choose from, Kerberos still has a handful of underlying weaknesses, just like NTLM …

TryHackMe: OpenVPN Issues and Fixes

OpenVPN complaining of deprecated ciphers: "ERROR: failed to negotiate cipher with server. Add the server's cipher ('AES-256-CBC') to --data-ciphers (currently 'AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305') if you want to connect to this server." Fix:
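The error above is OpenVPN 2.5+ refusing a data-channel cipher that is not in the client's negotiable list. As an added example (this is not the fix from the original post), the following POSIX shell helper appends the server's legacy cipher to the profile's `data-ciphers` line, or adds a `data-ciphers` line built from the default list quoted in the error message when the profile has none. The sample profile, the hostname `vpn.example.invalid` and the function names are constructed for the demo; `--data-ciphers` itself is a real OpenVPN option.

```shell
#!/bin/sh
# Added example, not the original post's fix. Writes a constructed sample .ovpn
# profile and adds the server's legacy cipher to the client's data-ciphers list.
# Hostname, paths and profile contents are made up for the demo.

# Constructed sample profile: the server only offers AES-256-CBC and the
# profile carries a bare "cipher" line, which OpenVPN 2.5+ no longer treats
# as part of the negotiable cipher set.
make_sample_profile() {
  cat > "$1" <<'EOF'
client
dev tun
proto udp
remote vpn.example.invalid 1194
cipher AES-256-CBC
verb 3
EOF
}

# fix_profile PROFILE [LEGACY_CIPHER]
# Append the legacy cipher to an existing data-ciphers line, or add the
# default list (as printed in the error message) plus the legacy cipher when
# the profile has no data-ciphers line. Safe to run more than once.
fix_profile() {
  profile="$1"
  legacy="${2:-AES-256-CBC}"
  default_list="AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305"
  tmp="$profile.tmp"

  if grep -q '^data-ciphers ' "$profile"; then
    if grep '^data-ciphers ' "$profile" | grep -q "$legacy"; then
      return 0  # already listed, nothing to do
    fi
    # No "sed -i": it differs between GNU and BSD sed, so write via a temp file.
    sed "s/^data-ciphers .*/&:$legacy/" "$profile" > "$tmp" && mv "$tmp" "$profile"
  else
    printf 'data-ciphers %s:%s\n' "$default_list" "$legacy" >> "$profile"
  fi
}

# Print the configured data-ciphers list (empty if the profile has none).
data_ciphers_of() {
  sed -n 's/^data-ciphers //p' "$1"
}

# Equivalent one-off form that leaves the profile untouched:
#   openvpn --config profile.ovpn \
#     --data-ciphers AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:AES-256-CBC
```

Usage: source the file, then `make_sample_profile demo.ovpn; fix_profile demo.ovpn; data_ciphers_of demo.ovpn`. Adding AES-256-CBC on the client is a compatibility concession: the AEAD ciphers (AES-GCM, ChaCha20-Poly1305) stay first in the list so they are preferred wherever the server supports them, and the better fix is to update the server so it offers an AEAD cipher and the legacy entry can be removed again.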

NIST Cybersecurity Framework v1.1: Fundamentals

NIST Functions and Framework Core. The Core consists of three parts: Functions, Categories, and Subcategories. The Core includes five high-level Functions: Identify, Protect, Detect, Respond, and Recover. These five Functions are applicable not only to cybersecurity risk management but to risk management at large. The next level down is the 23 Categories, which are split …

Incident Handling Life Cycle

This entry is part 1 of 13 in the series Incident Response and Forensics

NIST Security Incident Handling. 1. Preparation: the preparation phase covers the readiness of an organization against an attack. That means documenting the requirements, defining the policies, and putting in place the monitoring controls (EDR, SIEM, IDS, IPS and so on). It also includes hiring and training the staff. 2. Detection and Analysis: the detection phase covers …

Splunk: Search Processing Language (SPL) Basics

This entry is part 10 of 17 in the series Threat Detection Engineering

Splunk Search Processing Language comprises multiple functions, operators and commands that are combined to form anything from a simple to a complex search and return the desired results from the ingested logs. Main components of SPL: search, field operators, comparison operators. Comparison operators are used to compare values against fields: Field Name, Operator …