During some testing on my Windows VPS, I was checking out the OpenSSH server feature in Windows. This reminded me about the times our Red Team tunneled Remote Desktop Protocol (RDP) network traffic through an encrypted Secure Shell (SSH)-session, when pivoting in our customer’s network. Hiding your RDP traffic in…

The Fun Uncle So, sit down and have a drink of your choice, because it’s story time with Uncle Bert. The fun uncle, not the weird one from birthdays. Or at least I hope. I’ve been a Blue Teamer for almost 15 years in various government positions; for example SOC analist, forensics and…

In my last blog, I wrote how to detect fileless malware, but out-of-scope was how to hunt if you have an indication that someone is poking around in your network. …

Table of Contents Introduction Detecting the Command and Control Traffic (C2) Endpoint Detection and Prevention Securing Powershell Threat Hunting Bonus Conclusion Introduction Some of you might have read the tutorials from my dear colleague Crypt0jan on how to bypass Windows Defender. That’s all fine and dandy but we’re a Purple Team and my job…

People often ask me how I analyse a Securiy Alert or incident. There really is no set way and much has to do with experience, the tools at hand and the maturity of your SOC. However there are some steps that in my opinion always work. This is by no…

An Introduction To Security Monitoring With Open Source Software Why another post about security monitoring? Having worked (and build) in Security Operations Centers (SOC) for many years and having observed many organizations during Chapter8’s Purple Team missions, in my experience many companies still view security monitoring as something magical and believe you need a SOC to perform this task…