NetworkMiner

by

Views: 43NetworkMiner is an open source network forensics tool that extracts artifacts, such as files, images, emails and passwords, from captured network traffic in PCAP files. NetworkMiner can also be used to capture live network traffic by sniffing a network interface. It’s a popular tool among incident response teams as well as law enforcement.  Detailed information about … Read more

TCPView

by

Views: 55TCPView is a Windows program that will show you detailed listings of all TCP and UDP endpoints on your system, including the local and remote addresses and state of TCP connections. TCPView also reports the name of the process that owns the endpoint. TCPView provides a more informative and conveniently presented subset of the … Read more

High-Risk Vulnerabilities in ConnectWise ScreenConnect and Remediation procedure

by

Views: 67On February 19, 2024 ConnectWise disclosed two vulnerabilities in their ScreenConnect remote access software. Both vulnerabilities affect ScreenConnect 23.9.7 and earlier. Affected Products: ScreenConnectSeverity: CriticalPriority: 1 – High ScreenConnect is popular remote access software used by many organizations globally. There appear to be some 8,500+ instances of ScreenConnect exposed to the public internet. Severity … Read more

AD Fundamentals

by
This entry is part 2 of 6 in the series Attack and Defend Active Directory

Views: 40Ransomware operators have been increasingly targeting Active Directory as a key part of their attack paths. The Conti Ransomware which has been used in more than 400 attacks around the world has been shown to leverage recent critical Active Directory flaws such as PrintNightmare (CVE-2021-34527) and Zerologon (CVE-2020-1472) to escalate privileges and move laterally in a target network.

Breaching AD

by
This entry is part 1 of 6 in the series Attack and Defend Active Directory

Views: 64Active Directory (AD) is used by approximately 90% of the Global Fortune 1000 companies. If an organisation’s estate uses Microsoft Windows, you are almost guaranteed to find AD. Microsoft AD is the dominant suite used to manage Windows domain networks. However, since AD is used for Identity and Access Management of the entire estate, … Read more

Cyber Kill Chain

by

Views: 25Cyber Kill Chain Official Page: https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html Cyber Kill Chain is a framework created by Lockheed Martin in 2011 and used to model the attacks of attackers. Within this framework, attacker behaviors and the whole cyber attack process consists of 7 steps that follow one another.  Cyber Kill Chain is important for the SOC analyst to … Read more

Practical Threat Hunting using Elastic SIEM: Hunting for Stuxbot

by
This entry is part 7 of 28 in the series Threat Detection Engineering

Views: 655Based on the INTRODUCTION TO THREAT HUNTING & HUNTING WITH ELASTIC module from HTB-Academy Hunting for Stuxbot The Stuxbot cybercrime group operates with a broad scope, seizing upon opportunities as they arise, without any specific targeting strategy – their motto seems to be anyone, anytime.  The primary motivation behind their actions appears to be espionage … Read more

Powered by
Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
None
Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
None
Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
None
Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
None
Powered by