In Part 2, we gained SYSTEM on WINTERFELL and minted a long lived Golden Ticket for the child domain. We have total control of North, but in an Active Directory forest, the Child Domain is just a stepping stone. Our objective now is to leverage the trust relationship between the Read more
In Part 1, we set the stage. Now we turn that control into dominance. The goal here is simple. Move from a compromised machine account in the child domain north.sevenkingdoms.local to full Enterprise Admin access in the forest root sevenkingdoms.local. Phase 0: Creating a Controlled Machine Account Before RBCD, we Read more
We have access to the network, but no understanding of the environment. The next step is to enumerate and map what exists. Phase 1: Infrastructure Mapping (Nmap) We start by figuring out what actually exists on the network. A basic Nmap scan across the 192.168.66.0/24 range tells us which hosts Read more
Phase 1: System Tools & Compilers These packages provide the networking, compilation, and cross-platform headers needed for the lab. Enter blanks on all the krb5 stuff. Phase 2: Modern AD Tooling We use pipx to install some tools in isolated environments to prevent dependency conflicts with the system’s Impacket. Grab Read more
Security teams can adopt DevOps principals to standardize how rules are authored, reviewed, tested, and deployed. Here’s I’ve created a mock deployment using GitHub Actions. This post walks through a complete end to end CI/CD example that mirrors a lightweight Git pipeline. It uses two GitHub workflows, a pull request Read more
If SMB signing is disabled on a target, we can relay a live authentication and turn it straight into execution without a password. Triggering the Authentication An NTLM relay only works if something authenticates to us. That usually happens when a user hits a UNC path, intentionally or by mistake. Read more
If you want a cheap homelab that can run real workloads, you can do it for about 500 bucks. A modern Ryzen Mini-PC with 32GB of RAM is enough to host a serious lab. You can run Linux servers, Docker, Kubernetes, security tooling, and full Windows environments. To prove the Read more
1. Initial Network and Service Enumeration 2. SMB Enumeration 3. Generating Userlists from Game of Thrones Cast Data 4. Kerberos User Enumeration 5. Authenticated SMB Enumeration 6. AS-REP Roasting and Password Attacks 7. Broad Credential Spray 8. Full AD User Enumeration 9. LDAP Enumeration 10. Kerberoasting If your clock is Read more
When it comes to automated vulnerability scanning, Nuclei is one of the best open source tools out there. It’s fast, flexible, and extensible with thousands of community templates. Masscan is like nmap on steroids. We’ll use it to enumerate HTTP, SSH, RDP, Active Directory, and SMB services, then feed those Read more
In the CISSP world, understanding Security and Risk Management is like building a solid foundation for a house. It supports everything else you do in cybersecurity. This domain forms the core of the CISSP Common Body of Knowledge (CBK) and is crucial for both passing the exam and excelling in Read more
T-Pot is an open-source honeypot framework designed to emulate multiple attack surfaces and gather data on malicious activities. This blog post walks through the installation process on an Ubuntu 20.04 server, and demonstrates how to test its capabilities. Setting Up T-Pot System Requirements Installation Steps Follow the official installation steps Read more
Tailscale is a Zero Trust Network Access (ZTNA) solution that simplifies secure connectivity via a mesh VPN with Wireguard. It’s insanely easy to setup and get working. You get 3 devices with the free version. https://tailscale.com/pricing Setting Up Tailscale Inviting Users Configuring Access Controls Setting Up Applications and Services sudo Read more
Security breaches will continue to increase in sophistication. Microsegmentation addresses this by enabling granular controls over network traffic, enforcing intent based, workload aware policies at the application layer. This ensures that only the necessary communication between services can happen. Think least privilege/least access for network communications. In this post, I’ll Read more
Choosing the correct Software Development Life Cycle (SDLC) model is crucial for the success of any project. Different projects have unique requirements, timelines, and team dynamics that make certain models more suitable than others. This guide provides a structured approach to selecting the SDLC model that best fits your project. Read more
Quality assurance (QA) plays a vital role in the Software Development Life Cycle (SDLC), ensuring that the software meets defined requirements and performs reliably in various conditions. This post covers two essential quality frameworks within SDLC: the Software Testing Life Cycle (STLC) and the Defect Life Cycle. Software Testing Life Read more
1. Prototype Model The Prototype Model is used when project requirements are unclear or expected to evolve. It focuses on creating an initial version (prototype) that allows stakeholders to visualize the product early on and provide feedback. Characteristics: Use Cases: Advantages and Disadvantages: 2. Hybrid Model The Hybrid Model combines Read more
I’ve been running Cuckoo since it came out in 2011. The original project is no longer maintained, but the folks at CERT-EE have released Cuckoo3. Setting up Cuckoo has never been easy for me, but they’ve made it a breeze. By the end of this guide, you’ll have a fully Read more
Introduction As more organizations move to cloud environments, incident handling in platforms like AWS has become essential for SOC operations. This post will cover strategies for managing incidents in cloud environments, specifically AWS, and wrap up with comprehensive malware analysis techniques that apply across both on premise and cloud systems. Read more
Introduction One of the goals for incident response is not just stopping an attack but making sure attackers can’t get back in. Attackers often use persistence techniques to maintain access, setting up mechanisms that survive reboots or system updates. Powershell has also become a common vector for threats, especially for Read more
Introduction In a SOC environment, specialized incident handling skills are essential for managing complex attack types like phishing, malware, and network based intrusions. This post dives into practical approaches for handling phishing attempts, investigating malware alerts, and using network forensics to support incident response. Mastering these techniques enables SOC analysts Read more