Introduction: This blog post is meant for AD admins and security professionals who want to look for suspicious activity in Active Directory by using its replication metadata. What is replication? Replication is an important piece of Active Directory functionality, because it allows changes that happen on one Domain Controller to be transferred to the other Domain Controllers in a forest.
Continue reading “Using Active Directory Replication Metadata for hunting purposes”
Introduction: In this blog post you will learn more about the security permission model in Windows and how you can view and set permissions on securable objects by using tools like SetObjectSecurity.exe. A securable object is an object that can have a Security Descriptor. You can think of folders, registry keys, network shares, services, Active
Continue reading “SetObjectSecurity.exe – SDDL”
Introduction: Back in the days when I was still a Windows & AD admin, I decided to make a document on using the ADSI accelerator to manage objects in Active Directory. There is a funny story behind it, because it was never my intention to dive deep into this topic, but something triggered me
Continue reading “Manage Active Directory objects with ADSI”
Introduction: I have recently blogged about hunting for techniques used by APT41, which only covers a few techniques. Since I wanted to expand on this, I’ve decided to create an emulation plan for Blue Teamers. The reason behind this blog post is mainly that I got inspired by MITRE Engenuity Center for
Continue reading “APT41 Emulation Plan”
Introduction: Today we are going to cover a few techniques that have been used by APT41. During this blog post, we will use the Advanced Hunting feature in Microsoft Defender ATP to hunt for the described techniques. APT41 is a group that carries out Chinese state-sponsored espionage activity in addition to financially motivated activity. This
Continue reading “Hunting for techniques used by APT41”