Uncategorized

• Uncategorized

  • EMET - Consider keeping EMET for Windows 7 but prioritize upgrades to Windows 10 and Edge).
  • Block Office macros
  • (Microsoft ATA)
  • (KB2871997)
  • (Microsoft LAPS)
  • (including GPP)
  • PAWs
  • LLMNR
  • WPAD
  • PowerView - Situational Awareness PowerShell framework
  • BSides DC 2016 - PowerShell Security: Defending the Enterprise from the Latest Attack Platform
  • Six Degrees of Domain Admin... - Andy Robbins, Will Schroeder, Rohan Vazarkar
  • 111 Attacking EvilCorp Anatomy of a Corporate Hack
  • Red vs Blue: Modern Active Directory Attacks & Defense
  • Offensive Active Directory with Powershell
  • Advanced Incident Detection and Threat Hunting using Sysmon and Splunk
  • Real Solutions From Real Incidents: Save Money and Your Job!
  • How to go from Responding to Hunting with Sysinternals Sysmon
  • 111 Attacking EvilCorp Anatomy of a Corporate Hack
  • Real Solutions From Real Incidents: Save Money and Your Job!
  • ADSecurity
  • Explaining and adapting Tay’s Sysmon configuration
  • Use of PSExec
  • Responder - A LLMNR, NBT-NS and MDNS poisoner
  • BloodHound - Six Degrees of Domain Admin
  • Empire - PowerShell and Python post-exploitation agent
  • Mimikatz - Utility to extract plaintexts passwords, hash, PIN code and kerberos tickets from memory but also perform pass-the-hash, pass-the-ticket or build Golden tickets
  • Tools Cheatsheets - (Beacon, PowerView, PowerUp, Empire, ...)
  • UACME - Defeating Windows User Account Control
  • PowerSploit - A PowerShell Post-Exploitation Framework
  • Hardentools - Collection of simple utilities designed to disable a number of "features" exposed by Windows
  • PowerShell logging
  • BSides DC 2016 - PowerShell Security: Defending the Enterprise from the Latest Attack Platform
  • 111 Attacking EvilCorp Anatomy of a Corporate Hack
  • (FGPP)
  • LDAP signing