Category: Red Team
-
Bad Logic App – C2 Simulation
simulation. Running attack simulations internally is very important to build/improve security posture. C2 servers are very common in the wild so…
-
Exploring Data Exfiltration
Data exfiltration is a concern for most organizations. Protecting your data from prying eyes is hard enough but keeping it on your network; now that’s a challenge. With technology continuing to advance, we are forever moving to cloud this and cloud that. Because we can’t live in a world with only using one company, our data is scattered around the web like nobodies business.
-
Exnoscan
Exnoscan is a simple bash script that can help you identify gaps. We often monitor what we know, so Exnoscan aims to identify what you don’t…..
-
Brute Force Web Logins
If you have a login page which is reachable over the internet, at some point it’s going to get attacked. The reason why is because it can be extremely easy for attackers to do so….
-
Phishing.web.core.windows.net
EvilGinx is a prime example of some of the amazing tools out there that came be used for Phishing. If you haven’t heard of it, EvilGinx was release a few years back and showed us a weak point in 2FA. For most back then, MFA was a sure way to thwart the bad guys and it make the system or user account “impenetrable”…..
-
Living Off The Land: Suspicious System32
The services below are some of the most commonly abused services for malicious parties to “live of the land”. Each are built into Windows and inherit trust by default. Because of this, security controls won’t ever be able to fully isolate them without affecting the operating system. For example, your endpoint protection can’t block command prompt and Powershell because engineers use them for automation tasks, nor can it block task scheduler or certuitl…….
-
Hacking With Powershell: Malware
With malicious parties continuing to use Powershell as their way in, I thought I would look into how it’s being used and what can be done to prevent it. This is something I’ve covered before, so think of this as a part 3…………
-
Windows Defender: Why Check Your Exclusions
Windows Defender is integrated with Windows 10, so it’s no wondering it’s up there for the most popular Anti-virus solution. Once you login to your new Windows 10 machine, it’s pretty much ready to go. The plus side is that Defender is a pretty solid AV and if you look at Gartner, they even rate them as the best……
-
Obfuscation With PowerShell
Malicious parties might chose to encode their commands or scripts. The reason why is that if your auditing isn’t up to scratch, it may go unseen. In some cases it can also help bypass the AV….
-
Stealing Passwords From Clipboard
Password Managers are brilliant! They allow users to create and use complex passwords because they give us a nice secure place to store them. Using Password managers also can also prevent users from writing them down or reusing passwords, which is a huge deterrent against hackers looking to compromise your accounts. It’s a win, win….or […]
-
Securethelog.ps1
I’ve combined all of my current scripts into one to allow easy execution. To see the script, visit: https://github.com/securethelogs/Securethelogs/blob/master/README.md