Threat Intel Reads – January 2019

January was an interesting moth for CTI practitioners! I took some time and collected the major articles and presentations that I read and watched during January 2019.

I hope you enjoy it. Continue reading “Threat Intel Reads – January 2019” →

My Top 20 CTI/DFIR Talks for 2018

Another year has passed and lots of good CTI/DFIR stuff have been presented! I took some time to watch again some of my favourite talks within 2018 and list my favourite 20 ones. The list provided below has a CTI focus, however some of the most representative talks related to blue team/red team as well as ICS have been selected. I hope you enjoy it! Continue reading “My Top 20 CTI/DFIR Talks for 2018” →

GhostPack: C# Offensive Framework

This is a game changer for red teaming and offensive security. The guys from SpecterOps have just published GhostPack. This represents the transition from Offensive PowerShell frameworks to C# frameworks. This was much expected as blue teams are catching up on PowerShell detection/prevention controls. Moreover, red teams need “offense in depth” having different variations of their toolset based on the engagement needs.

GhostPack is a collection various C# implementations of previous PowerShell functionality, and includes six separate toolsets being released:

Continue reading “GhostPack: C# Offensive Framework” →

Red Teaming Tips by Vincent Yiu

Vincent Yiu has tweeted some really useful red teaming tips.

Red Tip #1: Profile your victim and use their user agent to mask your traffic. Alternatively use UA from software such as Outlook.
Red tip #2: If the enemy SOC is using proxy logs for analysis. Guess what? It won’t log cookies or POST body content as can be sensitive.
Red tip #3: Taking a snapshot of AD can let you browse, explore and formulate future attacks if access is lost momentarily.
Red tip #4: consider using Office Template macros and replacing normal.dot for persistence in VDI environments.
Red tip #5: Do a DNS lookup for terms such as intranet, sharepoint, wiki, nessus, cyberark and many others to start intel on your target.

Continue reading “Red Teaming Tips by Vincent Yiu” →

My favorite DFIR presentations for 2016

2016 was a year full of interesting presentations and conferences! I took a moment to think about the presentations that helped me better understand the threat landscape, introduced me to new tools and processes, provided inspiration for my team and help me with my daily operations.

The selection of the presentations below is subjective but indicative of the trends regarding the DFIR community during 2016. Moreover, the below sequence is completely random.

I would appreciate any feedback and I would be more than happy to be sent your ones! Enjoy!

Continue reading “My favorite DFIR presentations for 2016” →

Threat Intel Annual Reads 2016

Some of you may or may not know my weekly newsletter called “Threat Intel Weekend Reads” that started being published in December 2014. What I tried to do today was to go back to all the newsletter editions of 2016 and select my favorite headline articles. During the upcoming days I will try to deep dive once again and provide more insights on DFIR, Threat Intel and Threat Hunting! Any feedback would be more than welcome! Enjoy!

Continue reading “Threat Intel Annual Reads 2016” →

Tilting at windmills

A blog about cyber threat intelligence and incident response.

Category: redteaming