Red Teaming Tips by Vincent Yiu

Vincent Yiu has tweeted some really useful red teaming tips.

  • Red Tip #1: Profile your victim and use their user agent to mask your traffic. Alternatively use UA from software such as Outlook.
  • Red tip #2: If the enemy SOC is using proxy logs for analysis. Guess what? It won’t log cookies or POST body content as can be sensitive.
  • Red tip #3: Taking a snapshot of AD can let you browse, explore and formulate future attacks if access is lost momentarily.
  • Red tip #4: consider using Office Template macros and replacing normal.dot  for persistence in VDI environments.
  • Red tip #5: Do a DNS lookup for terms such as intranet, sharepoint, wiki, nessus, cyberark and many others to start intel on your target.

Continue reading “Red Teaming Tips by Vincent Yiu”

Advertisements

My favorite DFIR presentations for 2016

 

2016 was a year full of interesting presentations and conferences! I took a moment to think about the presentations that helped me better understand the threat landscape, introduced me to new tools and processes, provided inspiration for my team and help me with my daily operations.

The selection of the presentations below is subjective but  indicative of the trends regarding the DFIR community during 2016. Moreover, the below sequence is completely random.

I would appreciate any feedback and I would be more than happy to be sent your ones! Enjoy!

Continue reading “My favorite DFIR presentations for 2016”