Impacket Offense Basics With an Azure Lab
Jordan Drysdale // Overview The following description of some of Impacket’s tools and techniques is a tribute to the authors, SecureAuthCorp, and the open-source effort to maintain and extend the […]
Jordan Drysdale
Geopolitical Cyber-Detection Lures for Attribution with Microsoft Sentinel
Jordan Drysdale // Summary! There are tons of security event management (SIEM) solutions available these days, but this blog will focus on Microsoft Sentinel. Sentinel is easy to deploy, logs […]
The Azure Sandbox – Purple Edition
Jordan Drysdale // Azure has replaced AWS in my personal development pipeline. This may sound crazy but hear me out. Microsoft has solidified its offerings, done nothing but improve its […]
Webcast: The Quest for the Kill Chain Killer Continues
Jordan and Kent have heard from a lot of people that the past Black Hills Information Security (BHIS) webcasts: “Group Policies That Kill Kill Chains” and “Active Directory Best Practices […]
Podcast: Play in new window | Download
Subscribe: Apple Podcasts | Spotify | Amazon Music | RSS
A Sysmon Event ID Breakdown – Updated to Include 29!!
Jordan Drysdale // UPDATES! October 30, 2023There’s been an additional update for Sysmon! Event ID 29! Another Event ID (EID) was added to the Sysmon service. This event ID followed […]
Joyriding with SILENTTRINITY – UPDATES
Jordan Drysdale // tl;dr SILENTTRINITY (ST) is one of our favorite C2 tools at BHIS. It’s multiplayer, modern, and multiserver. The code has been revised significantly of late, especially the […]
Azure Sentinel Quick-Deploy with Cyb3rWard0g’s Sentinel To-Go – Let’s Catch Cobalt Strike!
Jordan Drysdale // tl;dr Sentinel is easy! Especially when using Azure Sentinel To-Go. So, let’s do some threat research by deploying Sentinel To-Go and executing a Cobalt Strike beacon. Link: […]
Azure Security Basics: Log Analytics, Security Center, and Sentinel
Jordan Drysdale // TL;DR The problem with a pentester’s perspective on defense, hunting, and security: Lab demographics versus scale. If it costs $15 bucks per month per server for me […]
How To: Applied Purple Teaming Lab Build on Azure with Terraform (Windows DC, Member, and HELK!)
Jordan Drysdale & Kent Ickler // tl;dr Ubuntu base OS, install AZCLI, unpack terraform, gather auth tokens, run script, enjoy new domain. https://github.com/DefensiveOrigins/APT-Lab-Terraform For those of you who have been […]