Traffic Signaling: Socket Filters in C2
Socket filters provide a mechanism at the kernel level for filtering, managing, and controlling network traffic. By using these filters, network administrators, security software, and even adversar...
Port knocking is a stealthy network security technique designed to shield services like SSH from unauthorized access and routine port scans. By requiring a predefined sequence of connection attempt...
Kerberoasting → Post-exploitation attack technique used to obtain the password hash of an AD account that has a servicePrincipalName (SPN) value. → SPNs are used to identify services and applic...
NTDS Dumping → Caused by a flaw in the cryptographic authentication scheme used by the Netlogon Remote Protocol (MS-NRPC) that allows authentication to be bypassed. → By bypassing authentication to...
NTDS Dumping → AD stores domain information in the NTDS.dit file, which is located by default in %SystemRoot%\ntds\ on the DC. → The file contains critical domain information such as password hashes for users...
Adversaries may use the "whoami" command to quickly identify the current user on a compromised system, helping them assess privileges and plan further actions. However, it's important to note that ...
Upgrade the environment to PowerShell v5 and remove prior versions where possible to add logging and restriction abilities. Enable PowerShell logging. Detection of PowerShell attack activity on you...
Windows Forensics. Network Analysis Tools: Wireshark, Network Appliance Forensic Toolkit, NetworkMiner. Registry Analysis Tools: RegRipper, ShellBags Explorer, AmcacheParser, AppCompatCa...
Windows Registry Structure. Opening Regedit.exe shows a tree-like structure with five root folders, or "hives". The HKEY_CLASSES_ROOT hive contains configuration information relating to which app...
Windows CVE-2023-23397 Exploitation Attempt. title: CVE-2023-23397 Exploitation Attempt; id: 73c59189-6a6d-4b9f-a748-8f6f9bbed75c; status: experimental; description: Detects Outlook initiating connect...