There will be times when you will keep hearing about The Crown Jewels and The Pyramid of Pain. These two are very important when it comes to Cyber Security.
In today’s world all we are trying is to secure our critical assets (Mission Critical Assets). These are the assets which drive on organisation and without which one organisation will never stand on its feet’s. …
When we take a look at MITRE Discovery Techniques we find that System Information Discovery is there. This is crucially important as it yields a huge amount of information of a particular system. In the past there have been huge kind of malware attacks in which it looked at the system information to check whether the system is a VM or HW. When the system is installed. Is the system sandbox, honeypot. How many processors does the system have, how much is the memory there.
There is a lot of information, system information can yield. Adversaries have been using it…
In my previous article I have talked about Windows Registry Keys i.e. what are they and how attackers/adversaries can alter their values in order to stay persistent and keep on doing what they want to do.
In this, article I will be talking about Windows Command Shell and how adversaries take advantage of this to execute malicious commands, scripts, gain access to data, modify data, delete data, stay persistent and a lot more.
If we take a look on MITRE ATT&CK, it provides us with so much valuable information.
As, CMD is the primary command prompt available in every Windows…
In the world of today, Cyber Adversaries are on rise. They are targeting every kind of organization to gain access and then hide themselves for long time in order to hunt down every bit of information required. Increasing number of malwares have been found today and every now and then we come to hear about Malware Attacks, Ransomware Attacks that the adversaries have been hiding for years before shutting down all the systems or before asking for ransom.
The first and the foremost thing for the adversaries once they have gained access to a system is that they need themselves…
It is not fun to watch end users, company stakeholders, company management receiving such emails. Most of the times, I have seen Invoice emails, Email not received type of mails etc. Over the period of time I have took few samples to look into over a period of time in order to gain more insights onto how the newbies and highly sophisticated attackers are using this known technique of Social Engineering nowadays.
In one of the sample, which derived my interest was it contained an attachment with the disguised text that your emails are rejected. But the thing to be…
In today’s cyber world we are heavily dependent on emails for our official communications. There are times when we need to use our official domains to log into organization’s partners portals or sometimes we need to subscribe to a security news feed and sometimes we are required to use out email for newsletters and for marketing stuff via our official email address. The intentions of doing so are not wrong but in fact organizations we are doing this on purpose.
On the other hand attackers, spammers, hackers are desperately looking for such information. They are actively targeting banks, corporate sector…
Whether you are in Cyber Security, IT or Networking. You will always come across SNMP during your day to day job which means that it is something of worth which made it to be used so much. Due to its importance we should also know about this protocol especially we as a penetration testers should have a good idea about this protocol. I have seen many penetration testers in different scenarios who have avoided testing this protocol.
SNMP stands for Simple Network Management Protocol. The abbreviation is pretty clear but let’s break it down to understand it better.
In this section we will take a look onto different conditional statements which are supported by PowerShell. Like other programming languages PowerShell also supports “IF”, “ELSE IF”, “ELSE”, “Ternary Operator” and “Switch Statement”. Let’s take a look onto these one by one.
For the sake of this section we will be utilizing “Windows PowerShell ISE”. Which comes pre-installed in Windows.
IF statement works the same like it does in other programming languages. It checks for the condition, if the condition is satisfied the code within the block is executed else the execution is moved out of the block.
So far we have discussed the cmdlets. Now we will take a look onto variables and then we will discuss different operators which can be performed.
Variables are storage spaces which when defined the OS allocates them space. We use variables to store our data. In PowerShell defining variable is different as different programming languages as well as scripting languages define variables using their own conventions.
Variables in PowerShell start with a Dollar Sign ($). Examples are as above.
Let’s work with different operators. At first we will take a look onto assignment operator (=). …
In the previous article which can be found at Part 1 we discussed the basis of PowerShell and also we took a look onto different cmdlets including Start-Process, Stop-Process, Get-Hotfix, Get-Help, Get-Command etc.
In this section which is Part 2, we will be looking onto different format types available in PowerShell. There are always some default behavior with the tools and software’s but they can be extended. In PowerShell they are called cmdlets. These cmdlets can be a part of Utility, Core etc. but can be utilized with PowerShell.
There is a particular format for the data which is displayed…