Dynamic Device Code Phishing
rvrsh3ll // Introduction This blog post is intended to give a light overview of device codes, access tokens, and refresh tokens. Here, I focus on the technical how-to for standing […]
Derek Banks // Living Off the Land Binaries, Scripts, and Libraries, known as LOLBins or LOLBAS, are legitimate components of an operating system that threat actors can use to achieve […]
Corey Ham // Tl;dr Use a password manager instead of browser storage for passwords, credit card numbers, and other autofill items. Personal security: Do not save anything sensitive in […]
Jordan Drysdale // Tl;dr: Many parsers have been written and several are referenced here. This blog describes a simple parser for Sysmon logs through Event ID (EID) 28 for Microsoft […]
Hal Denton // Have you ever been given an encrypted hard drive to perform forensic analysis on? What could go wrong? Probably the first thought rolling through your mind is […]
Kent Ickler // It’s been over two years since Jordan and I talked about a Blue Team’s perspective on Red Team tools. A Blue Team’s Perspective on Red Team Hack […]
Carrie Roberts // PowerShell incorporates the handy feature of writing commands executed to a file to make them easy to refer back to later. This functionality is provided by the […]
Noah Heckman // Windows Vista didn’t have many fans in the Windows community (to put it lightly). It beaconed in a new user interface, file structure, and a bunch of […]