Operational technology (OT) and Modbus-TCP Introduction

What is Operational technology (OT)? According to Gartner, Operational technology (OT) is hardware and software that detects or causes a change, through the direct monitoring and/or control of industrial equipment, assets, processes and events. OT encompasses a wide range of technologies, including industrial control systems (ICS), SCADA (Supervisory Control and Data Acquisition) systems, Programmable Logic…

Leveraging Robot Process Automation (RPA) to Conduct Security Testing

In this blog post, a brief introduction to security testing automation will be given. What kinds of security testing tasks are good candidates for automation? Tasks that require repetitive testing, e.g., continuous testing of predefined security requirements in a CI/CD (continuous integration/continuous delivery) environment, such as verifying account lockout after 5 login failure…

Quick Note on Active Directory Attacks by Relaying and Spoofing

This post is just a quick note on how to obtain a foothold from zero in an Active Directory environment. The techniques involved are mainly MitM attacks over IPv6 and NTLM relay attacks. Please note that all of the testing below was conducted in an isolated lab environment; any unauthorized testing could be prosecuted. All attacks were initiated…

Cobalt Strike Quick Walkthrough

This is just a very rough and quick walkthrough to give some high-level insight into how Cobalt Strike could help in red-teaming exercises. Why use Cobalt Strike? It is a commercial tool with maintenance and support; its performance is stable; it is very easy to deploy; it is easy for team collaboration; and there is a lot of community kit contributed by the user community (https://cobalt-strike.github.io/community_kit/). Disclaimer…

Microsoft Office 365 OAuth Phishing Demo

Microsoft Office 365 OAuth phishing (a.k.a. consent phishing) is on the rise. The compromised O365 accounts provide the attackers with access to victims’ emails, files, contacts, as well as sensitive information and resources stored on corporate SharePoint document management/storage systems and/or OneDrive for Business cloud storage spaces. This quick demo will illustrate how to set up O365 OAuth…

Basic Introduction of Shodan command-line interface

“Shodan is a search engine that lets the user find specific types of computers connected to the internet using a variety of filters.” It is a very useful tool for red teams (conducting passive reconnaissance) and blue teams (identifying potentially exposed attack vectors). This post will try to provide some high-level insight on how…

Some basic insight in attacking Active Directory

Recently, quite a number of cyber security incidents in the news have been related to Active Directory attacks. The simple walk-through below aims to provide basic technical insight into what attackers may do in your organisation's network in order to obtain high privileges or even domain admin rights. I hope this could provide…

WinFIM.NET – Windows File Integrity Monitoring

There are plenty of commercial tools to do file integrity monitoring (FIM). But for freeware / open source tools, especially for Windows, there seem to be not many options. I have developed a small Windows Service named “WinFIM.NET” (https://github.com/OWASP/www-project-winfim.net) to try to fill this gap. [The original repository https://github.com/redblueteam/WinFIM.NET has been migrated to https://github.com/OWASP/www-project-winfim.net for ongoing maintenance. Please…

Enable Command Line and PowerShell Audit For Better Threat Hunting

Many attacks targeting MS Windows involve the use of PowerShell, which is difficult to detect since it is capable of executing commands from memory and does not write anything to disk! One of the popular examples is “Mimikatz”. In order to prevent malicious PowerShell attacks, limiting the types of commands that can be executed…