Blog – Page 2 – take infosec, mix with culture, sprinkle some spice, enjoy.

Script to enumerate Windows events with name, ID, security monitoring recommendation, URL

When setting up and tuning a SIEM solution, you will write a lot of rules to detect well-known and arising security threats. If you need to protect systems running on Windows, you can use

Posted in Infosec

As DoH gains traction, some thoughts on DNS security and privacy

DNS – the Domain Name System – is a main cornerstone of the internet. Whenever you are browsing to a website, chances are high that your request will first go to one of the 1091 (as of

Posted in Python

Working on large data sets in Python

When working in IT security event monitoring, you will accumulate tons of log data which you will want to perform operations on. If you know Python, you will most likely know Pandas. When I describe

Posted in Infosec

Why you do not want to have “all” data in your SIEM

A common task when working with a SIEM is to onboard new technologies: In order to discover and alert on hackers attacking your new cloud instance|shopping website|password vault you need to see the

Posted in Infosec

Corona-induced home office: Bad for security, great for finding out who has an affair with whom

While the white-collar world was hastily relocating into the home office, IT departments were busy getting their hands on all remaining laptops, setting up VPN client software, and hoping that

Posted in Infosec

Sysmon 11.0 released: Spot hidden tracks even better

In the past I wrote a blog post about Process Explorer to find hidden threats on potentially compromised systems. As I said back then, Process Explorer is part of a suite called Sysinternals, which

Posted in HowTo, Infosec

Reading encrypted network traffic & why connection coalescing, session resumption and perfect forward secrecy help

Wireshark is a very useful tool for network troubleshooting, but also for Blue (discover attacks) and Red (sniff secrets) security teams. Nowadays most communication will be encrypted, which makes it

Posted in HowTo, Infosec

Run ARP poisoning attacks with Metasploit and detect them with Wireshark

ARP – the address resolution protocol – is responsible for translating IP addresses into MAC addresses. If your system wants to reach a server on the internet that has the IP address

Posted in HowTo, Infosec

Easy steps for testing your WEP/WPA WiFi with aircrack-ng

In the previous post I explained how to set up your Alfa WiFi adapter to perform security tests on your wireless network. While I was looking up some things for the aircrack-ng suite, I realized that

Posted in HowTo, Infosec

Get Alfa AWUS036ACH USB NIC running on Kali VM to attack wireless networks

For people in IT security who want to perform penetration testing on wireless networks, it is important to have a network adapter (NIC) which supports monitor mode and packet injection. A normal