blueteam - ZeroSec - Adventures In Information Security

blueteam

A collection of 20 posts

BYODC - Bring Your Own Domain Controller

redteam Featured

BYODC - Bring Your Own Domain Controller

BYODC or bring your own domain controller is a post-exploitation technique and another option for performing a DCSync in a more opsec safe manner.

Dark photo of lit balcony, glasgow at night

Multiple Paths to Compromise An Environment

Attack paths and compromising systems are something we, as attackers, thrive in. Many areas of system weakness can be attacked and leveraged to gain a foothold or an upper hand within an environment.

Moody photo of railway arches with graffiti

Azure Attack Paths: Common Findings and Fixes (Part 1)

This post will walk through various services within the Azure catalogue and look at potential attack paths.

Understanding Cobalt Strike Profiles - Updated for Cobalt Strike 4.6

redteam Featured

Understanding Cobalt Strike Profiles - Updated for Cobalt Strike 4.6

A deep dive into specifics around cobalt strike malleable c2 profiles and key information that is new in cobalt strike 4.6

AutoPoC - Validating the Lack of Validation in PoCs

honeypoc Featured

AutoPoC - Validating the Lack of Validation in PoCs

HoneyPoC was a project to look at how popular CVE PoCs could be. AutoPoC took that concept and enabled the mass creation of disinformation. Also, Data is beautiful.

ADExplorer Exporting Quick Tip

ADExplorer Exporting Quick Tip

Working with ADExplorer as a Red Teamer is really useful for seeing the whole domain in a single snapshot that can be looked at offline. There is minimal tooling out there for parsing ADExplorer or even exporting things and the closest I could find was ADEGrab [https://github.com/stufus/

Locking Down SSH - The Right Way

blueteam Featured

Locking Down SSH - The Right Way

A little guide for locking down a VPS or similar to ensure your SSH connection is as secure as can be.

Social Profiling - OSINT for Red/Blue

Social Profiling - OSINT for Red/Blue

One of the areas that I love when it comes to red/purple engagements is profiling organizations on LinkedIn and GitHub, looking for crucial information that can lead to more juicy enumeration.

Old but Gold - Attack and Defend the Sys Admins

redteam Featured

Old but Gold - Attack and Defend the Sys Admins

Older techniques used in a sysadmin space, weaponised for red teaming and how to detect them from a blue team perspective.

Paving The Way to DA - Complete Post (Pt 1,2 & 3)

redteam Featured

Paving The Way to DA - Complete Post (Pt 1,2 & 3)

As this series is a three part and dives into how to get domain admin in a windows estate using different techniques I found it useful to link them altogether in one flowing post, yes it is a straight pull of the other posts into one continuous post but it

Pass the Way to DA

Pass the Way to DA

Pass the X attacks originate from having a piece of information, in these examples this will be a hash, a set of credentials or a Kerberos ticket and then leveraging them for lateral movement throughout a network.

Learning The [Defence] Ropes 101 - Splunk Setup & Config

Learning The [Defence] Ropes 101 - Splunk Setup & Config

As an attacker I come across Splunk a lot but I've never deployed it. This blog post will deep dive into deploying it and querying the back end!

ZeroLogon(CVE-2020-1472) - Attacking & Defending

ZeroLogon(CVE-2020-1472) - Attacking & Defending

A handy walkthrough of CVE-2020-1472 from both a red and blue team perspective, how to detect, patch and hack ZeroLogon

Developing An Effective Security Program

informationsecurity

Developing An Effective Security Program

This post comes off the back of a series of tweets I made one morning, I decided that after a long thread it was probably better to combine into one post. So here it is folks. If you want to deploy a proper security program there are some key basics

WTF is Rainbow Teaming?

redteam Featured

WTF is Rainbow Teaming?

Alternative Title: 50 Shades of Teams Red Team, Blue Team, Purple Team, Black Team… Rainbow team? What are all of these things and what do they all mean? Is this a new case of a new found buzzword bingo or do they have a place and a purpose? The coloured

Roasting your way to DA - Build-Break-Defend-Fix

redteam Featured

Roasting your way to DA - Build-Break-Defend-Fix

Dive into both Kerberoasting and ASREP Roasting, looking at how they work, how to introduce them into an environment and how to fix them or where possible monitor and defend against them.

Build, Attack, Defend, Fix – Paving the way to DA

Build, Attack, Defend, Fix – Paving the way to DA

While most of us in the world of offensive security love getting domain administrator (DA) when doing assessments. How many of you know how the issue occurs, how to defend against it and how to properly remediate it?

Mail Technologies(DKIM & DMARC) - Part 2

phishing Featured

Mail Technologies(DKIM & DMARC) - Part 2

Mail technologies(SPF, DKIM and DMARC) are important to understand from all sides. This post dives into DKIM and DMARC.

Mail Security - SPF - WTF

ltr101 Featured

Mail Security - SPF - WTF

Mail technologies(SPF, DKIM and DMARC) are important to understand from all sides.

So You Want to Learn [Red] Teaming?

redteam Featured

So You Want to Learn [Red] Teaming?

Red Teaming is something that takes a bit of experience to actually nail, it's not something you expect to walk into after doing a four year uni course or something to pick up with little to no actual security experience.