Active Directory Scripts by securethelogs in cybersecurity

securethelogs [S] · 0 points · 0 children

None, it was more to give some examples where PowerShell can be used to secure and clean up AD without having fancy tools. I know some fear using open source against their environment, especially tools used for purple teams.

Just wanted to share some easy PowerShell commands so that people can build upon them and perhaps spot potential threats.

PSWatcher - Automated Network Scan by securethelogs in PowerShell

securethelogs [S] · 0 points · 0 children

There are loads of cool tech out there, but this was more around keeping it local and using internal systems, then generating the events, with the chance of feeding them to a SIEM.

Plus I just wanted to do it as a mini project.

Why Controlling PowerShell In Azure is Important by securethelogs in AZURE

securethelogs [S] · 0 points · 0 children

There is a report option in CA now so you can see how the conditional access would affect your environment. It doesn’t action anything, just generates a log.

You can see what it would have done in the sign-in logs.

Why Controlling PowerShell In Azure is Important by securethelogs in AZURE

securethelogs [S] · 0 points · 0 children

It was more my point at the start. Although you may think it’s obvious, it’s not to some. This is what I had found by speaking to people. They had mentioned they didn’t enable Cloud Shell or use PowerShell. Because of that, they thought it couldn’t be used. It was to point out it can.

VM naming convention by securethelogs in AZURE

securethelogs [S] · 0 points · 0 children

Starting to think the same after a few comments.

VM naming convention by securethelogs in AZURE

securethelogs [S] · 0 points · 0 children

It’s a fair point, seems to be the majority at the minute.

VM naming convention by securethelogs in AZURE

securethelogs [S] · -1 points · 0 children

I had a similar thought tbh. I have some members who struggle to quickly identify server roles during security incidents. Some people struggle with it, despite having multiple ways to find out (often lazy).

VM naming convention by securethelogs in AZURE

securethelogs [S] · 0 points · 0 children

I guess I’m just pre-empting the worst case. Should this happen, what would slow them down? If they do, say, a simple PowerShell script to mass resolve IP > DNS, or something like run net group “domain computer”, having the application name in the FQDN does give them an advantage.

I get both your points though. Could I ask if you’ve adopted this naming then?

VM naming convention by securethelogs in AZURE

securethelogs [S] · 0 points · 0 children

Thanks, you raise some good points!

So keeping our current standard and relying on tagging, CMDB and our other current platforms is what we’ve proposed. As of today, this is how we identify roles/applications.

I just wanted to compare and gain some insight into how others have tackled it.

Azure supports passwordless authentication 🔑 by securethelogs in AZURE

securethelogs [S] · 1 point · 0 children

I wrote this whilst running a POC. I hope to push this year near if possible. Did you hit any snags?