AM23, lessons learned

This post is a reflection after taking part in an exercise in which the blue teams defended the infrastructure, the red teams attacked it, and the green team complained about unavailable services and diligently got on the blue teams' nerves 🙂

The colour scheme of the post is as follows:

Green is what was done well and on time
Red is what could definitely have been done differently, or at a different time
Blue is ideas that came up only after the exercise and have not been tested.

Read more

Converting msRADIUSFramedIPAddress to IPV4 PowerShell

Original article

The other day I was asked by the security team to run a report on which AD users had dial-in configured for a static IP address and what IP address was assigned, if any.

I did a quick Get-ADUser on the supplied test account and here are the results:

GivenName               : Chris
msRADIUSFramedIPAddress : 1869573999
Name                    : Chris
ObjectClass             : user

Read more

The Hierarchy of Cyber Needs

Original

It takes a lot of time, effort, expertise and money to protect an enterprise network against today’s cybersecurity threats. The security market thrives, and businesses have many products and consulting services to choose from. So how do you invest your security dollars most efficiently? Cybersecurity spending requires a plan, whether building IT infrastructure from scratch or improving an existing enterprise network. Consider the following Hierarchy of Cyber Needs, built from the experiences of an Incident Response team that has seen it all. This chart will help you identify and prioritize which layers of security need investment within your enterprise. Use this as a road map to improve your enterprise security as quickly and cost-effectively as possible.


Captain's Hierarchy of Cyber Needs

Read more

SOC links

Threat Hunter Playbook
https://threathunterplaybook.com/intro.html

Cyber Meisam [CM]
https://cybermeisam.medium.com/

Hoarder
https://github.com/muteb/Hoarder

ENTERPRISE PURPLE TEAMING
https://github.com/ch33r10/EnterprisePurpleTeaming

Course SC-200T00: Microsoft Security Operations Analyst
https://learn.microsoft.com/en-us/training/courses/sc-200t00

Your Ultimate Guide to Windows Local Administrator Password Solution (LAPS)
https://kaidojarvemets.com/your-ultimate-guide-to-windows-local-administrator-password-solution-laps/

Bug Hunter Handbook
https://gowthams.gitbook.io/bughunter-handbook/

Know Your Adversary
https://posts.specterops.io/