According to a study by NordPass, the average user with an online presence has about 80-100 passwords. This explains to some degree why individuals tend to use easy passwords. Just take a moment to think about how many passwords you have. What’s the current state of your password hygiene? Do you use the same password … Read more
Winlogbeat is a lightweight open-source Windows agent that uses the Windows API to ship different event logs to Logstash or Elasticsearch. I have been a Splunk user for quite some time, but I have started to also leverage the Elastic Stack at work and in my home lab. This post is for my reference and anyone trying to configure … Read more
Whenever I want to analyze a relatively small packet capture (PCAP), I load it up in Wireshark and get the job done. However, this process does not scale and becomes a problem with large-sized pcap files. Even if you split, let’s say, a 25 terabyte PCAP up into smaller chunks, can you imagine how long it would … Read more
This is the final part of a multipart blog post, read part one and two then continue here. In part 2, we simulated adversary interaction with our deployed tokens and then leveraged Windows Event Viewer to assess the generated artifacts. What follows will be several options for getting the audit logs from the endpoints to … Read more
So I figured it was about time I started my foray into the blog-o-sphere. Hold your beer while I get organized and squeeze content out to the masses.