Category Archives: Penetration Testing
Active Information Gathering with Metasploit-Framework
Using Nmap to perform port scanning Using -sT scanning mode is the default scanning mode of Nmap. The status of the target port is accurately judged through the TCP three-way handshake packet. Since three connections are established, it is extremely easy to be captured by the target firewall. msf> nmap -sT 127.0.0.1 The -sS scan […]
Offensive and Defense Exercise Preparation | How to build an effective corporate security defense system
After the epidemic, work and life gradually returned to normal. For the network security industry, offensive and defensive drills are once again on the agenda. In the new year, how do companies prepare for defense? Let us find the answer from the review and reflection in 2019/20. In 2019/20, offensive and defensive exercises once became […]
Mimikatz Exploration – WDigest
Mimikatz, to this day, remains the tool of choice when it comes to extracting credentials from lsass on Windows operating systems. Of course this is due to the fact that with each new security control introduced by Microsoft, GentilKiwi always has a way out. If you have ever looked at the effort that goes into […]
Automated Lab: Automate Your Active Directory Security Lab
Building an active directory security lab is not easy, it requires time and resources as well as skills. What if we had an automated way of doing all the hard work? Well, that’s where AutomatedLab! Is convenient! github.com AutomatedLab (abbreviated as AL ) is an automated construction framework for Windows environments developed by Microsoft . You can use it to create labs in […]
THREAT MODELING TODAY
What Is Threat Modeling? Threat modeling is a proactive approach to identifying entry points to enumerate threats and building security measures to prevent security breaches in applications and computer and network systems. It’s an engineering technique you can use to help you identify threats, attacks, vulnerabilities, and countermeasures that could affect your application and systems. […]