In continuance of my research in cloud security, I picked up another book on Azure security. The book was Pentesting Azure Applications – The Definitive Guide to Testing and Securing Deployments by Matt Burrough. I got it as part of the Humble Book Bundle. It was published in July 2018 and was the only book […]
Book Review: Penetration Testing Azure for Ethical Hackers
I have been researching cloud security off late. Recently, the book, Penetration Testing Azure for Ethical Hackers by David Okeyode , Karl Fosaaen, showed up on my Twitter feed. The book had good reviews so I decided to pick it up. It was published recently (at the time of writing), in November 2021 (another reason […]
Introduction to MITRE ATT&CK Framework
This post is part of our course Adversary Emulation 101: Mimicking a real-world cyber attack. If you want to beat your adversaries, think like them. A common adage we have all heard. MITRE ATT&CK is just that. A framework to think like adversaries and beat them in their game. It is a culmination of […]
Red Team Operations Attack Lifecycle
This post is part of our course Adversary Emulation 101: Mimicking a real-world cyber attack. The lifecycle consisted of following phases, with phases 3-6 being cyclic in nature: Recon (Information Gathering) – In this phase, publicly available information (website, company profile, social media pages, employee profiles etc.) is gathered about the target organization. Initial Compromise […]
SPN Scanning using ADSI (Part 3)
A Service Principal Name (SPN) is a unique identifier of a service instance. It is used to link an AD object (service accounts, users, computers etc.) with a service. It can be used as an alternative to a port scan in an Active Directory environment. Some common SPNs are: CIFS host HTTP https IMAP mongod […]
ADSISearcher (Part 2)
ADSISearcher is a class for searching for objects in Active Directory. It is part of .NET framework (System.DirectoryServices.DirectorySearcher) and van be accessed via PowerShell by creating object for the above class Example: $adsiSearcherObj = New-Object –TypeName System.DirectoryServices.DirectorySearcher takes the LDAP path to current domain by default Pass ADSI Directory Entry object type as ArgumentList to […]
Social-Engineer Toolkit: An Introduction
Long back, I read a book called The Art of Intrusion by Kevin Mitnick, in which he explained some of his successful techniques to infiltrate into an organization’s network. Among them was one that he employed the most, Social Engineering. Social Engineering can be defined as a psychological play on people in order to lead them […]