
112 docs tagged with "alessandro"


1. 🔒 Disable LLMNR and NetBIOS on Windows

By default, Windows ships with the legacy name-resolution protocols LLMNR and NetBIOS Name Service (NBT-NS) enabled. Because they rely on unauthenticated broadcast and multicast queries, an attacker on the same network segment can answer them, trick the victim into authenticating to the attacker's host, and capture usernames and NTLMv2 challenge-response hashes. Tools such as Responder automate this poisoning.
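The following is an added example, not the linked doc's own script: it disables LLMNR and NetBIOS over TCP/IP on the local machine and then reads the settings back. It assumes an elevated prompt on a host whose DNS Client policy key is not already managed by Group Policy (a GPO would overwrite the LLMNR value at the next refresh; in a domain, set the same values through the GPO instead).

```powershell
# Added example (not from the linked doc): disable LLMNR and NetBIOS over TCP/IP,
# then verify. Run from an elevated PowerShell prompt.

# 1. LLMNR. The Group Policy setting "Turn off multicast name resolution" is
#    backed by EnableMulticast = 0 under the DNSClient policy key.
$dnsPolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient'
if (-not (Test-Path $dnsPolicy)) { New-Item -Path $dnsPolicy -Force | Out-Null }
Set-ItemProperty -Path $dnsPolicy -Name EnableMulticast -Value 0 -Type DWord

# 2. NetBIOS over TCP/IP is a per-adapter setting. TcpipNetbiosOptions:
#    0 = take the value from DHCP, 1 = enabled, 2 = disabled.
Get-CimInstance Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
    ForEach-Object {
        $r = Invoke-CimMethod -InputObject $_ -MethodName SetTcpipNetbios `
                              -Arguments @{ TcpipNetbiosOptions = [uint32]2 }
        # ReturnValue 0 = success, 1 = success but a reboot is required
        [pscustomobject]@{ Adapter = $_.Description; ReturnValue = $r.ReturnValue }
    }

# Adapters that are currently down are not returned above, so pin the value on
# every NetBT interface key as well; they then come up with NetBIOS disabled.
$netbt = 'HKLM:\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces'
Get-ChildItem $netbt | ForEach-Object {
    Set-ItemProperty -Path $_.PSPath -Name NetbiosOptions -Value 2 -Type DWord
}

# 3. Verify what is actually in the registry.
$llmnr = (Get-ItemProperty -Path $dnsPolicy -Name EnableMulticast).EnableMulticast
"LLMNR EnableMulticast = $llmnr (expect 0)"
Get-ChildItem $netbt | ForEach-Object {
    $opt = (Get-ItemProperty -Path $_.PSPath).NetbiosOptions
    "$($_.PSChildName): NetbiosOptions = $opt (expect 2)"
}
```

A practical check after rolling this out is to run Responder (or any LLMNR/NBT-NS listener) from a test host on the same VLAN and confirm that the hardened machine no longer answers or sends name queries over UDP 5355 and UDP 137.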

1. BloodHound - SharpHound

BloodHound CE is the latest version, featuring a modern web interface and simplified setup using Docker.

1.0 Python - Arrays

Python has no built-in array type in the language itself (the standard library's array module is a typed exception), so Python lists are used instead.

1.0 Python - Strings

Strings in Python are surrounded by either single quotation marks or double quotation marks.

11. Threat Hunting Glossary

Several key terms and concepts recur throughout cybersecurity and threat hunting. This glossary defines them.

19. Detecting Attacker Behavior With Splunk Based On Analytics

The second approach relies on statistical analysis and anomaly detection to identify abnormal behavior. By profiling normal activity and flagging deviations from that baseline, we can surface suspicious events that may indicate an intrusion. These statistical detection models are data-driven, but they are still shaped by an understanding of attacker tactics, techniques, and procedures (TTPs).

3.0 Python - Inheritance

Inheritance allows us to define a class that inherits all the methods and properties from another class.

3.0 Python - Update Tuples

Tuples are immutable, meaning that you cannot change, add, or remove items once the tuple is created.

4.0 Python - Scope

A variable is only available from inside the region it is created. This is called scope.

5. Event Tracing for Windows (ETW)

Threat detection and incident response often rely on the limited log data at hand, leaving most of the telemetry available through Event Tracing for Windows (ETW) unused. This is largely a matter of awareness: few defenders appreciate how detailed and comprehensive ETW's view of the system is.

5.0 Python - Global Variables

Variables that are created outside of a function (as in all of the examples in the previous pages) are known as global variables.

5.0 Python - Polymorphism

The word "polymorphism" means "many forms", and in programming it refers to methods/functions/operators with the same name that can be executed on many objects or classes.

7. Get-WinEvent

Mass analysis of Windows Event Logs and Sysmon logs is central to Incident Response (IR) and threat hunting. These logs record the state of your systems, user activity, potential threats, system changes, and troubleshooting information. They are also voluminous: a large organization can easily generate millions of events per day. Distilling useful information from them therefore requires tools and techniques that analyze the logs en masse.
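The following is an added example, not the linked doc's own code, covering both this entry and the analytics-based detection entry above: it pulls Sysmon process-creation events (Event ID 1) with Get-WinEvent, parses the named fields, and applies the same frequency-analysis idea described under analytics-based detection, listing rare parent-to-child process pairs as outliers. It assumes Sysmon is installed with its default channel name; the file path in the parameter comment is a placeholder.

```powershell
# Added example (not from the linked doc): mass analysis of Sysmon Event ID 1
# with Get-WinEvent, against the live log or an exported .evtx file.
param(
    [string]$EvtxPath      = $null,   # e.g. 'C:\cases\host1\Sysmon.evtx' (placeholder); $null = live log
    [int]$Hours            = 24,
    [int]$RareThreshold    = 3        # parent -> child pairs seen fewer times than this are listed
)

$filter = @{
    LogName   = 'Microsoft-Windows-Sysmon/Operational'
    Id        = 1
    StartTime = (Get-Date).AddHours(-$Hours)
}
# LogName and Path are mutually exclusive in a filter hashtable.
if ($EvtxPath) { $filter.Remove('LogName'); $filter.Path = $EvtxPath }

# -FilterHashtable is evaluated by the event log service, so it is far cheaper
# than piping every event through Where-Object. SilentlyContinue avoids a
# terminating error when nothing matches the window.
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

# Read named fields from the XML payload instead of positional Properties[]
# indexes, which shift between Sysmon versions and configurations.
$rows = foreach ($e in $events) {
    $data = @{}
    ([xml]$e.ToXml()).Event.EventData.Data | ForEach-Object { $data[$_.Name] = $_.'#text' }
    [pscustomobject]@{
        Time        = $e.TimeCreated
        Host        = $e.MachineName
        User        = $data['User']
        Image       = $data['Image']
        ParentImage = $data['ParentImage']
        CommandLine = $data['CommandLine']
    }
}
"Parsed $(@($rows).Count) process-creation events"

# 1. Volume by executable: what ran most in the window.
$rows | Group-Object Image | Sort-Object Count -Descending |
    Select-Object -First 15 Count, Name | Format-Table -AutoSize

# 2. Rare parent -> child pairs. Over a large event set the common pairs form the
#    baseline; pairs below the threshold (for example an Office process spawning
#    a shell) are the deviations worth a look, with no signature required.
$rows | Group-Object { "$($_.ParentImage) -> $($_.Image)" } |
    Where-Object Count -lt $RareThreshold | Sort-Object Count |
    Select-Object Count, Name | Format-Table -AutoSize

# 3. Keep the parsed rows for Splunk/ELK ingestion or further triage.
$rows | Export-Csv -Path (Join-Path $env:TEMP 'sysmon_proc_create.csv') -NoTypeInformation
```

Run it as a script (for example `.\Analyze-SysmonProcs.ps1 -Hours 72`, or with `-EvtxPath` pointing at a collected log). Reading the Sysmon channel requires administrative rights on the live host; an exported .evtx can be analyzed anywhere.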

9. Threat Hunting Fundamentals

Dwell time, the interval between an actual security breach and its detection, is typically measured in weeks, and sometimes months. An adversary present in a network for even three weeks has ample opportunity to do significant damage.

Shodan.io CHEAT SHEET

A quick reference guide for leveraging Shodan, the search engine for Internet-connected devices.