Virtual machines are very useful not only on servers or in cloud environments, but also installed locally on a workstation … More Script to set up port forwarding, start/stop & automatically SSH into headless VirtualBox VM
An “interesting” part when working with APIs or runtime environments like containers is of course credential management. Somehow you have … More “Stealing the environment” – Insecure password injection in scripts and containers via environment variables
It’s very useful to be able to quickly perform some subnetting when given an IP address with its CIDR – … More Subnetting quick & easy
As I wrote in my last post on lateral movement, using AppLocker or Software Restriction Policies (SRPs) to avoid the … More SRPs block malware, but what if things stop working?
Recently on Twitter someone asked security professionals which tools they use most for their day-to-day tasks. Someone said “Excel” and … More Life-saving Excel shortcuts
As I explained in the previous post, NetworkMiner and Suricata are a great combination for performing quick and straightforward network … More Analyze Emotet and Trickbot with NetworkMiner and Suricata
Many people know Suricata as network intrusion detection (IDS) system, i.e. acting on live traffic; many people know NetworkMiner as … More Quick and easy setup for NetworkMiner and Suricata to perform network forensics
When setting up and tuning a SIEM solution, you will write a lot of rules to detect well-known and arising … More Script to enumerate Windows events with name, ID, security monitoring recommendation, URL
Wireshark is a very useful tool for network troubleshooting, but also for Blue (discover attacks) and Red (sniff secrets) security … More Reading encrypted network traffic & why connection coalescing, session resumption and perfect forward secrecy help
ARP – the address resolution protocol – is responsible for translating IP addresses into MAC addresses. If your system wants … More Run ARP poisoning attacks with Metasploit and detect them with Wireshark