Credential Dumping As MITRE says on its website, adversaries dump credentials to obtain login credentials to perform lateral movement when they got access to a computer. Several tools and techniques may be used to dump credentials of a computer. Here, I will try to show two different credential dumping techniquesContinue Reading
Do you want your partners trust you directly? Well, do you trust your third party partners directly? When adversaries are in, they always check different ways to reach more places. So, if one of your trusted third party connection got hacked, it means that there is just a short timeContinue Reading
With increasing remote workforce process during Covid-19, clients are now more independent with their laptops and mobile phones that also being used for personal usage besides organizational usage. Not only workers, but also computers and data are now outside the organization and most of the protection layers such as firewallContinue Reading
Last week, I hearth that an organization did not add antivirus agent to their PC image. They are formatting the PC with their image, then connecting to the network and waiting for the sccm installing the antivirus software to the PC. Also, for remote users working on the field, someContinue Reading
function global:wget($Address, [switch]$NoCache){ $client = New-Object Net.WebClient $proxy = New-object System.Net.WebProxy “10.0.0.10:8080” $proxy.Credentials = New-Object System.Net.NetworkCredential (“DOMAIN\user”, “password”) $client.proxy=$proxy$Client.Headers.Add(“user-agent”, “Windows Powershell WebClient Header”) if ($NoCache) {# doesn’t use the cache at all$client.CachePolicy = New-Object Net.Cache.RequestCachePolicy([Net.Cache.RequestCacheLevel]::NoCacheNoStore)}$client.DownloadString($Address)}wget -Address “http://www.be4sec.com” -NoCacheContinue Reading
SmartVision is the lateral movement detection module of the network security product (NX) of FireEye. There are too many documents and descriptions about it on FireEye’s website, so I will not touch on it here. I just want to explain what SC Killswitch is in the SmartVision configuration, since thereContinue Reading
While using PhotoImage object in Tkinter, the reference must be held. Tkinter does not handle references to the objects truly. If you do not use your own reference, Tkinter just makes the image transparent, just a blank screen. As an example; When we write the code without the reference like;Continue Reading
Especially with the very different situations we live than usual in recent months – quarantine since corona and widespread of remote works, most of the working days are passing with remote meetings. Zoom, Skype or others are now an indispensable part of our life now. When this happens, there isContinue Reading
All IT professionals know that most of the cyber attacks begin with an email. Actually, according to statistics of Phishme Defense Guide 2017, 91% of cyber attacks began with an email. It is not surprise, since all we know that the human is the weakest part of cyber defense. IfContinue Reading
DLP is a technology we use more than one decade. The starting point of DLP was protecting IP (Intellectual Property) of the organizations and became very popular for too many sectors. Organizations spent, and still spending millions of dollars for DLP solutions, to protect their private data. However, Gartner says;Continue Reading