Yaksas Security

Cyber Security Research

  • Yaksas Security Home
  • Home
  • Yaksas Security Classroom
  • Learn Adversary Emulation
  • Contact Yaksas

Book Review: Practical Social Engineering

5 Tips for Safe Digital Payments

Career in Cyber Security

Cyber Security Education & Career

The Three Command and Control Tiers

Uday Mittal March 12, 2021

The Three Command and Control Tiers

This post is part of our course Adversary Emulation 101: Mimicking a real-world cyber attack. A well designed Command and Control (C2) infrastructure is critical to the success of an adversary emulation exercise. During an engagement, established C2 sessions may get disconnected frequently. Whenever this happens, there might be a temptation to re-exploit the target […]

Filed Under: Adversary Emulation Tagged With: adversary emulation, command and control, poshc2, red team

Book Review: Red Team Development and Operations by Joe Vest and James Tubberville

Uday Mittal February 24, 2021

Book Review: Red Team Development and Operations by Joe Vest and James Tubberville

I recently picked up this book, Red Team Development and Operations by Joe Vest and James Tubberville, while searching for material to read on Red Teaming. While this is not the only book on the subject, I was intrigued by the ‘Zero-Day Edition’ (along with this content, of course). Also, it was published recently (at […]

Filed Under: Book Reviews, Good Reads, Non-Fiction Tagged With: Cybersecurity books, red teaming

Book Review: Container Security by Liz Rice

Uday Mittal February 10, 2021

Book Review: Container Security by Liz Rice

I recently came across this book, Container Security by Liz Rice, while searching for material to read on how to secure containerized applications. This was the only book I could find on the topic, so I picked it up without thinking further. It was published in April 2020. Content overview The book’s tagline, “Fundamental Technology […]

Filed Under: Book Reviews Tagged With: container security, Cybersecurity books

Introduction to MITRE ATT&CK Framework

Uday Mittal January 13, 2021

Introduction to MITRE ATT&CK Framework

  This post is part of our course Adversary Emulation 101: Mimicking a real-world cyber attack. If you want to beat your adversaries, think like them. A common adage we have all heard. MITRE ATT&CK is just that. A framework to think like adversaries and beat them in their game. It is a culmination of […]

Filed Under: Adversary Emulation Tagged With: Penetration Testing, red teaming

What is Adversary Emulation?

Uday Mittal January 6, 2021

What is Adversary Emulation?

This post is part of our course Adversary Emulation 101: Mimicking a real-world cyber attack. Adversary Emulation is a form of cybersecurity assessment. During this assessment assessors replicate a specific threat scenario. For example, assessors may assume the role of cyber criminals who want to exfiltrate customer data out of the organization. Another scenario could […]

Filed Under: Adversary Emulation

Red Team Operations Attack Lifecycle

Uday Mittal January 3, 2021

Red Team Operations Attack Lifecycle

This post is part of our course Adversary Emulation 101: Mimicking a real-world cyber attack. The lifecycle consisted of following phases, with phases 3-6 being cyclic in nature: Recon (Information Gathering) – In this phase, publicly available information (website, company profile, social media pages, employee profiles etc.) is gathered about the target organization. Initial Compromise […]

Filed Under: Adversary Emulation Tagged With: Penetration Testing, red team

Book Review: Web Application Security by Andrew Hoffman

Uday Mittal August 29, 2020 Leave a Comment

Book Review: Web Application Security by Andrew Hoffman

I recently came across this book, Web Application Security by Andrew Hoffman, while searching for material to read on how to secure web applications. There are many books available on this topic. I picked this one specifically because of it’s recent publication date. It was published in March 2020 (about 5 month back, at the […]

Filed Under: Book Reviews Tagged With: Cybersecurity books, web application security

PoshC2: A Red Teamer’s Notes

Uday Mittal July 8, 2020 Leave a Comment

PoshC2: A Red Teamer’s Notes

This is an ongoing post containing my notes on PoshC2 usage. What is PoshC2? PoshC2 is a command and control software. It is used to carry out post-exploitation tasks such as persistence, privilege escalation, lateral movements etc. during penetration testing and red teaming exercises. It supports Python3, PowerShell (v2 and v5), C# and C++. The […]

Filed Under: CnC Tagged With: command and control, poshc2, post-exploitation, red team

SPN Scanning using ADSI (Part 3)

Uday Mittal July 8, 2020 Leave a Comment

SPN Scanning using ADSI (Part 3)

A Service Principal Name (SPN) is a unique identifier of a service instance. It is used to link an AD object (service accounts, users, computers etc.) with a service. It can be used as an alternative to a port scan in an Active Directory environment. Some common SPNs are: CIFS host HTTP https IMAP mongod […]

Filed Under: ADSI, Enumeration Tagged With: Active directory, adsecurity, adsi, adsisearcher, attack active directory, crte, crtp, domain enumeration, forest enumeration, offensive security, Penetration Testing, pentest, powersploit, Powerview, red team, spn, spn scanning, user enumeration, windows 2016 windows security

ADSISearcher (Part 2)

Uday Mittal July 8, 2020 1 Comment

ADSISearcher (Part 2)

ADSISearcher is a class for searching for objects in Active Directory. It is part of .NET framework (System.DirectoryServices.DirectorySearcher) and van be accessed via PowerShell by creating object for the above class Example: $adsiSearcherObj = New-Object –TypeName System.DirectoryServices.DirectorySearcher takes the LDAP path to current domain by default Pass ADSI Directory Entry object type as ArgumentList to […]

Filed Under: ADSI, Enumeration Tagged With: Active directory, adsecurity, adsi, adsisearcher, attack active directory, crte, crtp, domain enumeration, forest enumeration, offensive security, Penetration Testing, pentest, powersploit, Powerview, red team, user enumeration, windows 2016, windows security, yaksas csc

  • « Previous Page
  • 1
  • 2
  • 3
  • 4
  • …
  • 9
  • Next Page »

Optin Form

Search

Follow us on Twitter

My Tweets

Categories

Tags

(ISC)2 Active directory adsecurity adsi adsisearcher adversary emulation Android attack active directory awareness blue whale challenge Certification CISSP Cloud security crte crtp cyber-warfare cybersecurity Cyber Security Cybersecurity books domain enumeration ethical hacking forest enumeration hacker Information Security ISACA Kali Linux Mobile Security Narendra Modi NSA offensive security Online Safety opsec Password Penetration Testing pentest powersploit Powerview privacy red team red teaming Risk Management Social Engineering user enumeration Wifi Windows

Top Posts

  • ADSISearcher (Part 2)
    ADSISearcher (Part 2)
  • Social-Engineer Toolkit: An Introduction
    Social-Engineer Toolkit: An Introduction
  • Let there be no more MMS Scandals
    Let there be no more MMS Scandals
  • Make Remote Access Your Ally
    Make Remote Access Your Ally
  • 7 Ways to Cover Your Device's Camera
    7 Ways to Cover Your Device's Camera
  • Mona.py for exploit devs: 6 must know commands
    Mona.py for exploit devs: 6 must know commands

© Copyright 2020 ElliteDevs · All Rights Reserved · Powered by WordPress