Extracting Password Hashes from Active Directory

Extracting hashes from Active Directory. To extract hashes from Active Directory you must first obtain a copy of the underlying Active Directory database, ntds.dit. For more information on the Data Store Architecture, please refer to this Microsoft TechNet article. Prerequisites: you must be logged on to a domain controller. Extracting the Database: To extract the...

Blue Team Toolset

Being able to detect an intrusion quickly is incredibly important to mitigate risk to a company. Here are some tools I am currently looking at: The CredDefense Toolkit; Real Intelligence Threat Analytics.

Intrusion Prevention Tools

This is a running list of intrusion prevention tools that I am interested in. Host Based Intrusion Prevention: CrowdStrike. From Crunchbase: “CrowdStrike is a cybersecurity technology firm pioneering next-generation endpoint protection, delivered as a single integrated cloud-based solution. CrowdStrike’s Falcon platform stops breaches by detecting all attack types, even malware-free intrusions, providing five-second visibility across...

Whitelist Entire Country with ipset

Goal: Whitelist an Entire Country with ipset. For this article I’ll be referencing the GitHub repository I set up at https://github.com/ssstonebraker/braker-scripts/tree/master/working-scripts/ipset. We have a few files there, specifically:
* cidr_to_ipset.sh (a script to create an ipset ruleset)
* Some example CIDR blocks for Italy (IT.txt), Spain (ES.txt), Great Britain (GB.txt), USA (US.TXT)
* sample_firewall.txt (example...

barnyard2 won’t log to database – how to fix it

What to do when barnyard2 won’t log to the database... Are you seeing something like this? [SignatureReferencePullDataStore()]: No Reference found in database ... Full text: # /usr/local/bin/barnyard2 -c /etc/barnyard2.conf -d /var/log/snort -f snort.log -w /var/log/barnyard2/barnyard2.waldo Running in Continuous mode --== Initializing Barnyard2 ==-- Initializing Input Plugins! Initializing Output Plugins! Parsing config file "/etc/barnyard2.conf" +[ Signature...

Mandiant Highlighter – Log and Text File Viewer Review

Product Review: Mandiant Highlighter. Today we are looking at Mandiant Highlighter, a log and text file viewer. The product home page can be found here. Cost: Free! Overview: MANDIANT Highlighter is a log file analysis tool. Highlighter provides a graphical component to log analysis that helps the analyst identify patterns. Highlighter also provides a number of features aimed at...

check if twitter acct hacked

To check if your Twitter account has been hacked you can look at the recent Pastebin posts (page 1 | page 2 | page 3 | page 4 | page 5) and do a find for your username. Additionally, a number of websites will search all known publicly posted “hacked” lists to see if your email or account...

hash windows files against known good set

Let’s say you wanted to hash Windows files against a known good set of hashes. Here’s how to do it! Required Tools: md5deep, nsrlquery. You’ll also need a server to query against. Luckily Kyrus has provided an nsrlserver (beta), known as the Kyrus NSRL Lookup Service! What’s nsrlquery? nsrlquery is an umbrella project that’s home to...