Active Directory Effective Permission Auditing

Active directory permissions are a complex beast, at the core of Active Directory you have databases and partitions.

These have access controls lists, there are two types of these:

  • DACL
  • SACL

https://docs.microsoft.com/en-us/windows/win32/secauthz/access-control-lists

In active directory auditing these with out of the box tools can be a pain, especially when you are looking to enumerate effective permissions. Luckily a nice chap as made a great PowerShell app which can help you with your auditing activities! Read more “Active Directory Effective Permission Auditing”

Threat Modelling 101

What is a threat?

https://csrc.nist.gov/glossary/term/threat

According to those clever people at NIST it is:

“Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, or individuals through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service. Also, the potential for a threat-source to successfully exploit a particular information system vulnerability.” Read more “Threat Modelling 101”

CyberChef Taster

A quick snack

Everyone knows about cyber chef, right? Well, I can tell you now that my misses knows so if you don’t now’s a great time to get to know! Cyber Chef is a tool created by GCHQ distrubted via an apache license that’s hosted on GitHub or you can download and run locally. Read more “CyberChef Taster”

Hacking 101

Back in 2019 I started to make some materials to help people with some basic offensive security techniques. I made three eppisodes of training materials. Well I’ve decided to re-release these, they haven’t really been changed but I’ve updated a few graphics on episode 3 and removed a link to Cain and Abel because it’s no longer maintained. I will probably go through these at some point and re-factor them.

I’ve got more documents on active directory security, I’ve actually written hundreds of pages on the subject but the challenge I’ve had is there is just so much to write, so I’ve decided I’m going to chunk it up into small blogs on a specific technique or area.

Read more “Hacking 101”

WordPress Security Considerations

WordPress is one of the most popular content management systems in the world today. I believe it is about 35% of the market share globally. That is a lot of sites.

I have been using WordPress for years myself; some people give it some stick for being vulnerable but that is usually them referring to third party plugins. I like it because you can build a site easily, without having to spend ages and you can deploy it and migrate etc. without having a huge headache. Read more “WordPress Security Considerations”

Combating Cyber Crime: Should we really be charging to…

Sensational Press or Cyber War Mongering?

I do not know Mr Martin, but I would assume that his role at NCSC and GCHQ would have given him a good insight into the realities of cybercrime, cyber terrorism, nation state affairs and how to effectively defend against cyber criminals (and other threat actors) so please read this blog as it is intended, it’s an analysis on the quoted statements and reporting style and general view of mine about current cyber war rhetoric, not an analysis of the person. Why am I writing this? Well, I am seeing an increased level of FUD, snake oil and cyber war rhetoric and I wanted to share some of my thoughts, opinions, and ideas in this space. For it is far too easy to call for war and in cyberspace do we even know what that means? Read more “Combating Cyber Crime: Should we really be charging to cyber war?”

Password Managers – The Good the Bad and the…

Good practise is not always good practise

For years you might have heard to have a complex password you change regularly (like every 30 days to keep you safe from the hax0rs) but well… let us not lie, it is bloody terrible advice.

Password cracking, brute force attacks, credential stuffing and well mad human things like writing passwords down on post it notes under keyboards are hugely prevalent still. The other day I managed to see a password used on a corporate system which was “Thursday49”. Yep, I know I know we all know that a weak easily guessable, easily crack able password is not a good idea yet honestly, humans like things that work and are simple vs remember their 6 favourite books in reverse order with a complex character and capital letter. Read more “Password Managers – The Good the Bad and the Ugly”

Retrieving Passwords From Veeam Backup Servers

Firstly before we get into recovering passwords from the veeam servers we have to think why is this technique so important to know?

It’s not what you think, so if you are a red teamer/penetration tester then sure you are going to want to know this to support your goals. But the real value in knowing this is to drive home a specific message.

DO NOT (PRODUCTION) DOMAIN JOIN BACKUP SERVERS

Veeam expicitly suports not being on a domain for this very reason. Why Dan? Why is it so important to not (PRODUCTION) domain join them? Well my friends, if a threat actor gets into your network, gains high priviledge access to active directory and get’s onto you veeam server they will probably disrupt and destroy your backup just prior to ransoming everyhing they can. You do no want this!

Read more “Retrieving Passwords From Veeam Backup Servers”

Aggressively Defending Information Systems

Taking a more active approach

You may have seen my post on hacking back and how it’s a nightmare that screams inexperience when I hear it (don’t get me wrong there are very limited times when it might be useful from a national defence perspective/intelligence services but that isn’t really ‘hacking back’ in my book, they are already working that space so it’s not a retaliation) however I’ve been spurred on this morning by a tweet I saw from @1njection:

After tweeting a quick reply, I thought I had put together a quick blog on aggressive active defences! (not wordy much). Read more “Aggressively Defending Information Systems”

Field Notes – Just Patch

Windows update stuck at 0% download status

Often is we find an environment missing software updates it’s easy for someone without hands on experience to say, ‘just patch’. Outside of change requests, outside of authorisation, maintenance windows, roll back plans, communications etc. there is also the fact that ‘just patching’ isn’t that simple. Even for fairly standard patching tasks using Windows Updates you sometimes hit a snag. Today I’m looking at exactly that issue on a server, so I thought I’d post the steps to resolve an issue but also, I think this is a nice way to highlight the realities of patching.

We show a GUI and command line (PowerShell) method to achieve this result (the PowerShell isn’t fancy but I figured you could go away and upgrade that if you fancied some fun). Windows update sometimes has issues (does not all software!) and it is sometimes that we need to help it along the way, so let’s get too it! Read more “Field Notes – Just Patch”

Copyright (c) Xservus Limited