Although it’s just September yet, it feels like the year is almost over with all the stuff there is to do. The CISSP with 90 days left until the exam is almost around the corner and a lot of other private stuff is still in the making. Cleaning, Clearing, Erasing, Purging, Degaussing and Destruction The thought for this blogpost originated when I put my old server racks in the car for destruction. Read more...

While flying through some clouds and on my way to enjoy some holidays on the other side of the globe, the thought about the current status on cloud environments is keeping me awake. “It feels like cloud security is still in it’s infancy!?”, “How long did it actually take, to get to the current status on On-premise AD security?”, “What’s the current status on cloud environments?”, “How long did it take to get to this state? Read more...

The first part of my BloodHound post was about the setup and usage of the tool. This part will mainly focous on the built-in queries and some small tips and tricks. I think the only way to fully grasp BloodHound is by frequently using it. Built-in queries After dumping our raw data with SharpHound1, it’s time to get to work. BH has some built-in queries which helps us to get a quick overview of the domain we are facing. Read more...

“Die Zahl der Angriffe auf IT- und OT-Infrastrukturen hat in den letzten Jahren drastisch zugenommen.” Solche und ähnliche Aussagen finden sich mittlerweile nicht mehr nur auf einschlägigen Nachrichtenseiten im Internet. Das Verständnis darüber, dass Cyberangriffe von Kriminellen keinesfalls Fiktion aus Hollywood sind, dringt langsam aber sicher in das Bewusstsein der Menschen1. Bedrohungen Was sind eigentlich die wesentlichen Bedrohungen denen Unternehmen oder immer häufiger Städte/Kommunen (z.B. Witten2 und Schwerin3) ausgesetzt sind? Meistens verfolgen Kriminelle die Absicht Lösegelder zu erbeuten. Read more...

A lot of organizations and companies run antivirus software on their users clients. Users should be protected from themselves by preventing the execution of .exe files or scripts. Through GPOs and standard tools of the OS, this can be achieved. In this post we’ll be mainly talking about how to bypass tools like AMSI1 and Windows Defender. Antivirus Software The first AV software originated back in 1972. Since the first known Virus was the so called “Creeper Virus”2, Ray Tomlinson used to write the “Reaper”3, a program to remove it. Read more...