A collection of cybersecurity content.

Category: RedTeam

  • Abusing DNS: Hiding Commands in TXT Records

    Intro: While DNS TXT (text) records have legitimate purposes, it is important to be aware that adversaries can exploit TXT records to hide content and commands. Adversaries may use DNS to establish communication with systems under their control within a victim network, all while appearing as normal, expected traffic. What […]

  • PowerShell Phishing: How Adversaries Use the Command Line to Steal Your Credentials

    Intro: In addition to the well-known email-based phishing attacks where attackers impersonate legitimate websites to deceive users into revealing their login credentials, attackers can employ other methods to trick users into giving away their sensitive information. It is possible to deceive users on an internal network to engage them with a prompt that will coerce […]

  • Recent Files & Directories: Collecting Evidence

    Intro: During an incident, it is imperative to gather as much information as possible to establish a comprehensive timeline of events. One crucial aspect of information collection is identifying the most recent files and directories on the impacted host, found in %AppData%\Roaming\Microsoft\Windows\Recent. This information plays a crucial role in helping to understand the sequence of […]

  • Unconstrained Delegation: Hunting for AD Weaknesses

    Intro: Unconstrained delegation is a setting in Active Directory that allows a computer to impersonate a user and perform actions on their behalf. This feature is enabled by default on domain controllers in Active Directory. Concept Explained: Imagine you have a big library with lots of books. Some of the books are really special and […]

  • Hunting Indirect Command Execution Using FTP

    Intro: Ftp.exe can be used for starting arbitrary processes and commands. Indirect Command Execution is a technique used by adversaries to execute arbitrary commands through a trusted system or application. Adversaries use this technique to evade security controls and conceal their actions, making it difficult for defenders to detect and prevent malicious activity. Did you […]