Category: Defense

Detecting CrackMapExec (CME) with Bro, Sysmon, and Powershell logs

October 19, 2017
DefenseIncident Response
0 Comment

CrackMapExec is a popular tool that is used by attackers to move laterally throughout an environment. I use it personally on my penetration tests, as I’ve found that it does a really good job at moving from system to system without detection.  My goal with this blog post is to give defenders some techniques on…

Read More

Securing a default installation of MacOS

June 19, 2017
DefenseOSX
0 Comment

  This was originally written as the basis for a GIAC Gold paper.  Ultimately, it was not unique enough to warrant a research paper, but will provide an overview of the security features of MacOS.   As of mid 2016, MacOS captures nearly 10% of the global market for desktop PC software.  While Apple computers…

Read More

Removing Backdoors – Powershell Empire Edition

January 30, 2017
DefenseIncident Responsepersistence
0 Comment

                  I’m a big fan of Powershell Empire for penetration testing.   If you haven’t heard of it, it is a post-exploitation framework which uses powershell agents to run post-exploitation scripts on a target system.  This blog post is meant to address a small subset of the…

Read More