Skip to content

Blog

take infosec, mix with culture, sprinkle some spice, enjoy.

  • Software
  • Resources
  • About
Posted in Attribution, Infosec

Who the hæck?Attribution in cybersecurity
  • Fabian
  • posted on September 16, 2020September 17, 2020
  • No Comment
While we are getting used to hearing news on a daily basis about hacking attacks, much less do we read details on who is responsible. The reason is clear: In cyberspace, there are many ways to cover
Read More
Posted in HowTo, Infosec

SRPs block malware, but what if things stop working?
  • Fabian
  • posted on September 4, 2020September 5, 2020
  • No Comment
As I wrote in my last post on lateral movement, using AppLocker or Software Restriction Policies (SRPs) to avoid the execution of unknown or malicious software is good practice. While SRPs are older,
Read More
Posted in Infosec

Hello, somebody there? Or: The difficulty of detecting lateral movement
  • Fabian
  • posted on September 2, 2020September 5, 2020
  • No Comment
Lateral Movement is a key technique for attackers: Once they entered your infrastructure, the next step is to look around and move horizontally (i.e. to other, possibly more valuable machines and
Read More
Posted in Infosec

Which layer for encryption? Which for VPNs?
  • Fabian
  • posted on July 29, 2020July 29, 2020
  • No Comment
As more people work from home, VPNs are in peak season. Recently I discussed with a network engineer the advantages and disadvantages of IPsec VPNs versus TLS-based VPNs. With this discussion in mind
Read More
Posted in HowTo

Life-saving Excel shortcuts
  • Fabian
  • posted on July 12, 2020July 12, 2020
  • No Comment
Recently on Twitter someone asked security professionals which tools they use most for their day-to-day tasks. Someone said “Excel” and I found this very accurate. Excel is so versatile
Read More
Posted in HowTo, Infosec

Analyze Emotet and Trickbot with NetworkMiner and Suricata
  • Fabian
  • posted on July 7, 2020July 7, 2020
  • No Comment
As I explained in the previous post, NetworkMiner and Suricata are a great combination for performing quick and straightforward network forensics on captured traffic. Overview NetworkMiner provides a
Read More
Posted in HowTo, Infosec

Quick and easy setup for NetworkMiner and Suricata to perform network forensics
  • Fabian
  • posted on June 27, 2020September 28, 2020
  • No Comment
Many people know Suricata as network intrusion detection (IDS) system, i.e. acting on live traffic; many people know NetworkMiner as network forensics tool, i.e. acting on recorded traffic (e.g. in
Read More
Posted in Infosec

Sysmon v11.10 reads Alternate Data Streams
  • Fabian
  • posted on June 25, 2020June 25, 2020
  • No Comment
A few days ago, the new version 11.10 of Sysinternals Sysmon was released. Despite the minor version increase from 11.0 it ships with an exciting new feature: Reading NTFS Alternate Data Streams
Read More
Posted in Infosec

Collection of Windows commands abused by attackers
  • Fabian
  • posted on June 14, 2020June 15, 2020
  • No Comment
Only recently I stumbled upon a slightly dated but still relevant post published on the Japanese CERT blog: Windows Commands Abused by Attackers. The list is separated into the different attack
Read More
Posted in HowTo, Infosec, Python

Script to enumerate Windows events with name, ID, security monitoring recommendation, URL
  • Fabian
  • posted on May 23, 2020November 21, 2020
  • No Comment
When setting up and tuning a SIEM solution, you will write a lot of rules to detect well-known and arising security threats. If you need to protect systems running on Windows, you can use
Read More

Posts navigation

1 2 3 4 5

Recent Posts

  • Use AWS Security Token Service (STS) to let low-privileged user temporarily assume privileged role in other account
  • Script to set up port forwarding, start/stop & automatically SSH into headless VirtualBox VM
  • “Stealing the environment” – Insecure password injection in scripts and containers via environment variables
  • Subnetting quick & easy
  • Making a unidirectional double tagging VLAN hopping attack bidirectional

Categories

  • Attribution
  • Batch Scripting
  • Chinese Language
  • Cloud Security
  • Container Security
  • Culture
  • Doing Business in Japan
  • Germany
  • HowTo
  • Infosec
  • Japan
  • Japanese Language
  • Language
  • Mexico
  • Privacy Policy
  • Programming
  • Python
  • South Korea
  • Uncategorized
  • Windows Hardening
Copyright © 2020 All Rights Reserved.  Theme By Mrtemplates