Welcome to our

Cyber Security News Aggregator

.

Cyber Tzar

provide a

cyber security risk management

platform; including automated penetration tests and risk assesments culminating in a "cyber risk score" out of 1,000, just like a credit score.
Navigation
Return to Planet "Home"
Ordered/grouped:
Filter applied:
Current page:
Go to "Navigation Help" (page end)
Articles in this collection: 291

Feed: Blog

Articles recieved 01/10/2022
Article: Basics of Tracking WMI Activity - published about 7 years ago.
Content: WMI (Windows Management Instrumentation) has been part of the Windows Operating System since since Windows 2000 when it was included in the OS. The technology has been of great value to system administrators by providing ways to pull all types of information, configure components and take action based on state of several components of the OS. Due to this fle...
https://www.darkoperator.com/blog/2017/10/14/basics-of-tracking-wmi-activity 
🔥🔥
 
Published: 2017 10 16 12:00:00
Received: 2022 10 01 03:48:56
Feed: Blog
Source: Blog
Category: Cyber Security
Topic: Cyber Security
Article: Sysinternals Sysmon 6.10 Tracking of Permanent WMI Events - published about 7 years ago.
Content: In my previous blog post I covered how Microsoft has enhanced WMI logging in the latest versions of their client and server operating systems. WMI Permanent event logging was also added in version 6.10 specific events for logging permanent event actions. The new events are:Event ID 19: WmiEvent (WmiEventFilter activity detected). When a WMI event filter is r...
https://www.darkoperator.com/blog/2017/10/15/sysinternals-sysmon-610-tracking-of-permanent-wmi-events 
🔥🔥
 
Published: 2017 10 18 12:00:00
Received: 2022 10 01 03:48:56
Feed: Blog
Source: Blog
Category: Cyber Security
Topic: Cyber Security
Article: Update to Pentest Metasploit Plugin - published about 7 years ago.
Content: I recently update my Metasploit Pentest Plugin . I added 2 new commands to the plugin and fixed issues when printing information as a table. The update are small ones.Lets take a look at the changes for the plugin. We can start by loading the plugin in a Metasploit Framework session. msf > load pentest ___ _ _ ___ _ ...
https://www.darkoperator.com/blog/2017/10/17/update-to-pentest-metasploit-plugin 
🔥🔥
 
Published: 2017 10 19 12:00:00
Received: 2022 10 01 03:48:56
Feed: Blog
Source: Blog
Category: Cyber Security
Topic: Cyber Security
Article: Basics of The Metasploit Framework API - IRB Setup - published about 7 years ago.
Content: Those of you who have taken my "Automating Metasploit Framework" class all this material should not be new. I have decided to start making a large portion of the class available here in the blog as a series. On this post I will cover the basics of setting up IRB so we can start exploring in a general sense the Metasploit Framework API. The API is extensive a...
https://www.darkoperator.com/blog/2017/10/21/basics-of-the-metasploit-framework-irb-setup 
🔥🔥
 
Published: 2017 10 23 12:00:00
Received: 2022 10 01 03:48:56
Feed: Blog
Source: Blog
Category: Cyber Security
Topic: Cyber Security
Article: Switching Ruby Version in RVM for Metasploit Development - published about 7 years ago.
Content: If you have setup a development environment with RVM to do development in Metasploit Framework you are bound to encounter that the Metasploit team has changed preferred Ruby versions. carlos@ubuntu:/opt$ cd metasploit-framework/ ruby-2.4.2 is not installed. To install do: 'rvm install ruby-2.4.2' You get a useful message that mentions the RVM command you...
https://www.darkoperator.com/blog/2017/10/22/switching-ruby-version-in-rvm-for-metasploit-development 
🔥🔥
 
Published: 2017 10 25 12:00:00
Received: 2022 10 01 03:48:56
Feed: Blog
Source: Blog
Category: Cyber Security
Topic: Cyber Security
Article: Windows Defender Exploit Guard ASR VBScript/JS Rule - published about 7 years ago.
Content: Microsoft has been adding to Windows 10 the features of the Enhanced Mitigation Experience Toolkit (EMET) in to the OS. On the 1709 release they added more features and expanded on them as part of Windows Defender Exploit Guard One of the features of great interest for me is Attack Surface Reduction. I have used this feature in EMET with great success as a m...
https://www.darkoperator.com/blog/2017/11/6/windows-defender-exploit-guard-asr-vbscriptjs-rule 
🔥🔥
 
Published: 2017 11 07 12:00:00
Received: 2022 10 01 03:48:56
Feed: Blog
Source: Blog
Category: Cyber Security
Topic: Cyber Security
Article: Windows Defender Exploit Guard ASR Obfuscated Script Rule - published about 7 years ago.
Content: On this blog post I will cover my testing of the Attack Surface Reduction rule for Potentially Obfuscated Scripts. This is one of the features that intrigued me the most. One obfuscates the scripts for several reasons:Bypass detection controls like AV, automatic log analysis and other controls. Hinder analysis of the script to determine its purpose and actio...
https://www.darkoperator.com/blog/2017/11/8/windows-defender-exploit-guard-asr-obfuscated-script-rule 
🔥🔥
 
Published: 2017 11 08 12:00:00
Received: 2022 10 01 03:48:56
Feed: Blog
Source: Blog
Category: Cyber Security
Topic: Cyber Security
Article: Windows Defender Exploit Guard ASR Rules for Office - published about 7 years ago.
Content: On this blog post I continue looking at the ASR rules, this time I'm looking at the ASR rules for Office.  The ASR rules for office are:Block Office applications from creating child processesBlock Office applications from creating executable contentBlock Office applications from injecting code into other processesBlock Win32 API calls from Office macroThese ...
https://www.darkoperator.com/blog/2017/11/11/windows-defender-exploit-guard-asr-rules-for-office 
🔥🔥
 
Published: 2017 11 14 11:00:00
Received: 2022 10 01 03:48:56
Feed: Blog
Source: Blog
Category: Cyber Security
Topic: Cyber Security
Article: Operational Look at Sysinternals Sysmon 6.20 Update - published almost 7 years ago.
Content: Sysmon has been a game changer for many organizations allowing their teams to fine tune their detection of malicious activity when combined with tools that aggregate and correlate events.  A new version of Symon was recently released. Version 6.20 fixes bugs and adds new features. Some the of the note worthy changes for me are:Enhancements in WMI Logging. Ab...
https://www.darkoperator.com/blog/2017/11/24/operational-look-at-sysinternals-sysmon-620-update 
🔥🔥
 
Published: 2017 11 27 11:00:00
Received: 2022 10 01 03:48:55
Feed: Blog
Source: Blog
Category: Cyber Security
Topic: Cyber Security
Article: Rebuilding My Playbook .. Knowledge Base - published almost 7 years ago.
Content: I find myself in the situation where I lost my personal playbook by user error. I accidentally deleted the VM where I ran xWiki where it was kept and did not realized the mistake until days later. Even if painful to rebuild it is a good opportunity to think on how to better organize it and put it in a more flexible format.  I Initially called my collection o...
https://www.darkoperator.com/blog/2017/12/10/nmba1hrmndda8m3eo7ipoh7bxvphz4 
🔥🔥
 
Published: 2017 12 13 11:00:00
Received: 2022 10 01 03:48:55
Feed: Blog
Source: Blog
Category: Cyber Security
Topic: Cyber Security
Article: Operating Offensively Against Sysmon - published about 6 years ago.
Content: Sysmon is a tool written by Mark Russinovich that I have covered in multiple blog post and even wrote a PowerShell module called Posh-Sysmon to help with the generation of configuration files for it. Its main purpose is for the tracking of potentially malicious activity on individual hosts and it is based on the same technology as Procmon. It differs from ot...
https://www.darkoperator.com/blog/2018/10/5/operating-offensively-against-sysmon 
🔥🔥
 
Published: 2018 10 08 10:00:00
Received: 2022 10 01 03:48:55
Feed: Blog
Source: Blog
Category: Cyber Security
Topic: Cyber Security
Article: Getting DNS Client Cached Entries with CIM/WMI - published almost 5 years ago.
Content: What is DNS CacheThe DNS cache maintains a database of recent DNS resolution in memory. This allows for faster resolution of hosts that have been queried in the recent past. To keep this cache fresh and reduce the chance of stale records the time of items in the cache is of 1 day on Windows clients. The DNS Client service in Windows is the one that manages t...
https://www.darkoperator.com/blog/2020/1/14/getting-dns-client-cached-entries-with-cimwmi 
🔥🔥
 
Published: 2020 02 03 10:00:00
Received: 2022 10 01 03:48:55
Feed: Blog
Source: Blog
Category: Cyber Security
Topic: Cyber Security
Article: Tracking WMI Activity with PSGumshoe - published over 2 years ago.
Content: WMI (Windows Management Instrumentation) is the Microsoft implementation of the Web-Based Enterprise Management (WBEM) and Common Information Model (CIM) standards from the Distributed Management Task Force (DMTF). This allows for a unified way to manage a group of systems by administrators allowing them to get information about the system, its current state...
https://www.darkoperator.com/blog/2022/3/27/tracking-wmi-activity-with-psgumshoe 
🔥🔥
 
Published: 2022 03 27 17:18:01
Received: 2022 10 01 03:48:55
Feed: Blog
Source: Blog
Category: Cyber Security
Topic: Cyber Security
03:48 Basics of Tracking WMI Activity
🔥🔥
03:48 Sysinternals Sysmon 6.10 Tracking of Permanent WMI Events
🔥🔥
03:48 Update to Pentest Metasploit Plugin
🔥🔥
03:48 Basics of The Metasploit Framework API - IRB Setup
🔥🔥
03:48 Switching Ruby Version in RVM for Metasploit Development
🔥🔥
03:48 Windows Defender Exploit Guard ASR VBScript/JS Rule
🔥🔥
03:48 Windows Defender Exploit Guard ASR Obfuscated Script Rule
🔥🔥
03:48 Windows Defender Exploit Guard ASR Rules for Office
🔥🔥
03:48 Operational Look at Sysinternals Sysmon 6.20 Update
🔥🔥
03:48 Rebuilding My Playbook .. Knowledge Base
🔥🔥
03:48 Operating Offensively Against Sysmon
🔥🔥
03:48 Getting DNS Client Cached Entries with CIM/WMI
🔥🔥
03:48 Tracking WMI Activity with PSGumshoe
🔥🔥
Articles recieved 14/04/2022
Article: How Much Your Org Reaction to a Tweet Says? - published over 7 years ago.
Content: Recently Tavis Ormandy a well known vulnerability researcher from Google made a tweet about a vulnerability he and researcher Natalie Silvanovich from Google Project Zero found on the Windows OS that could be wormable.  ...
https://www.darkoperator.com/blog/2017/5/7/how-much-your-org-reaction-to-a-tweet-says 
🔥🔥
 
Published: 2017 05 07 21:51:27
Received: 2022 04 14 12:06:17
Feed: Blog
Source: Blog
Category: Cyber Security
Topic: Cyber Security
Article: Basics of Tracking WMI Activity - published about 7 years ago.
Content: WMI (Windows Management Instrumentation) has been part of the Windows Operating System since since Windows 2000 when it was included in the OS. The technology has been of great value to system administrators by providing ways to pull all types of information, configure components and take action based on state of several components of the OS. Due to this fle...
https://www.darkoperator.com/blog/2017/10/14/basics-of-tracking-wmi-activity 
🔥🔥
 
Published: 2017 10 16 12:00:00
Received: 2022 04 14 12:06:17
Feed: Blog
Source: Blog
Category: Cyber Security
Topic: Cyber Security
Article: Sysinternals Sysmon 6.10 Tracking of Permanent WMI Events - published about 7 years ago.
Content: In my previous blog post I covered how Microsoft has enhanced WMI logging in the latest versions of their client and server operating systems. WMI Permanent event logging was also added in version 6.10 specific events for logging permanent event actions. The new events are:Event ID 19: WmiEvent (WmiEventFilter activity detected). When a WMI event filter is r...
https://www.darkoperator.com/blog/2017/10/15/sysinternals-sysmon-610-tracking-of-permanent-wmi-events 
🔥🔥
 
Published: 2017 10 18 12:00:00
Received: 2022 04 14 12:06:17
Feed: Blog
Source: Blog
Category: Cyber Security
Topic: Cyber Security
Article: Update to Pentest Metasploit Plugin - published about 7 years ago.
Content: I recently update my Metasploit Pentest Plugin . I added 2 new commands to the plugin and fixed issues when printing information as a table. The update are small ones.Lets take a look at the changes for the plugin. We can start by loading the plugin in a Metasploit Framework session. msf > load pentest ___ _ _ ___ _ ...
https://www.darkoperator.com/blog/2017/10/17/update-to-pentest-metasploit-plugin 
🔥🔥
 
Published: 2017 10 19 12:00:00
Received: 2022 04 14 12:06:17
Feed: Blog
Source: Blog
Category: Cyber Security
Topic: Cyber Security
Article: Basics of The Metasploit Framework API - IRB Setup - published about 7 years ago.
Content: Those of you who have taken my "Automating Metasploit Framework" class all this material should not be new. I have decided to start making a large portion of the class available here in the blog as a series. On this post I will cover the basics of setting up IRB so we can start exploring in a general sense the Metasploit Framework API. The API is extensive a...
https://www.darkoperator.com/blog/2017/10/21/basics-of-the-metasploit-framework-irb-setup 
🔥🔥
 
Published: 2017 10 23 12:00:00
Received: 2022 04 14 12:06:17
Feed: Blog
Source: Blog
Category: Cyber Security
Topic: Cyber Security
Article: Switching Ruby Version in RVM for Metasploit Development - published about 7 years ago.
Content: If you have setup a development environment with RVM to do development in Metasploit Framework you are bound to encounter that the Metasploit team has changed preferred Ruby versions. carlos@ubuntu:/opt$ cd metasploit-framework/ ruby-2.4.2 is not installed. To install do: 'rvm install ruby-2.4.2' You get a useful message that mentions the RVM command you n...
https://www.darkoperator.com/blog/2017/10/22/switching-ruby-version-in-rvm-for-metasploit-development 
🔥🔥
 
Published: 2017 10 25 12:00:00
Received: 2022 04 14 12:06:17
Feed: Blog
Source: Blog
Category: Cyber Security
Topic: Cyber Security
Article: Windows Defender Exploit Guard ASR VBScript/JS Rule - published about 7 years ago.
Content: Microsoft has been adding to Windows 10 the features of the Enhanced Mitigation Experience Toolkit (EMET) in to the OS. On the 1709 release they added more features and expanded on them as part of Windows Defender Exploit Guard One of the features of great interest for me is Attack Surface Reduction. I have used this feature in EMET with great success as a m...
https://www.darkoperator.com/blog/2017/11/6/windows-defender-exploit-guard-asr-vbscriptjs-rule 
🔥🔥
 
Published: 2017 11 07 12:00:00
Received: 2022 04 14 12:06:17
Feed: Blog
Source: Blog
Category: Cyber Security
Topic: Cyber Security
Article: Windows Defender Exploit Guard ASR Obfuscated Script Rule - published about 7 years ago.
Content: On this blog post I will cover my testing of the Attack Surface Reduction rule for Potentially Obfuscated Scripts. This is one of the features that intrigued me the most. One obfuscates the scripts for several reasons:Bypass detection controls like AV, automatic log analysis and other controls. Hinder analysis of the script to determine its purpose and actio...
https://www.darkoperator.com/blog/2017/11/8/windows-defender-exploit-guard-asr-obfuscated-script-rule 
🔥🔥
 
Published: 2017 11 08 12:00:00
Received: 2022 04 14 12:06:17
Feed: Blog
Source: Blog
Category: Cyber Security
Topic: Cyber Security
Article: Windows Defender Exploit Guard ASR Rules for Office - published about 7 years ago.
Content: On this blog post I continue looking at the ASR rules, this time I'm looking at the ASR rules for Office.  The ASR rules for office are:Block Office applications from creating child processesBlock Office applications from creating executable contentBlock Office applications from injecting code into other processesBlock Win32 API calls from Office macroThese ...
https://www.darkoperator.com/blog/2017/11/11/windows-defender-exploit-guard-asr-rules-for-office 
🔥🔥
 
Published: 2017 11 14 11:00:00
Received: 2022 04 14 12:06:17
Feed: Blog
Source: Blog
Category: Cyber Security
Topic: Cyber Security
Article: Operational Look at Sysinternals Sysmon 6.20 Update - published almost 7 years ago.
Content: Sysmon has been a game changer for many organizations allowing their teams to fine tune their detection of malicious activity when combined with tools that aggregate and correlate events.  A new version of Symon was recently released. Version 6.20 fixes bugs and adds new features. Some the of the note worthy changes for me are:Enhancements in WMI Logging. Ab...
https://www.darkoperator.com/blog/2017/11/24/operational-look-at-sysinternals-sysmon-620-update 
🔥🔥
 
Published: 2017 11 27 11:00:00
Received: 2022 04 14 12:06:17
Feed: Blog
Source: Blog
Category: Cyber Security
Topic: Cyber Security
Article: Rebuilding My Playbook .. Knowledge Base - published almost 7 years ago.
Content: I find myself in the situation where I lost my personal playbook by user error. I accidentally deleted the VM where I ran xWiki where it was kept and did not realized the mistake until days later. Even if painful to rebuild it is a good opportunity to think on how to better organize it and put it in a more flexible format.  I Initially called my collection o...
https://www.darkoperator.com/blog/2017/12/10/nmba1hrmndda8m3eo7ipoh7bxvphz4 
🔥🔥
 
Published: 2017 12 13 11:00:00
Received: 2022 04 14 12:06:17
Feed: Blog
Source: Blog
Category: Cyber Security
Topic: Cyber Security
Article: Operating Offensively Against Sysmon - published about 6 years ago.
Content: Sysmon is a tool written by Mark Russinovich that I have covered in multiple blog post and even wrote a PowerShell module called Posh-Sysmon to help with the generation of configuration files for it. Its main purpose is for the tracking of potentially malicious activity on individual hosts and it is based on the same technology as Procmon. It differs from ot...
https://www.darkoperator.com/blog/2018/10/5/operating-offensively-against-sysmon 
🔥🔥
 
Published: 2018 10 08 10:00:00
Received: 2022 04 14 12:06:17
Feed: Blog
Source: Blog
Category: Cyber Security
Topic: Cyber Security
Article: Getting DNS Client Cached Entries with CIM/WMI - published almost 5 years ago.
Content: What is DNS CacheThe DNS cache maintains a database of recent DNS resolution in memory. This allows for faster resolution of hosts that have been queried in the recent past. To keep this cache fresh and reduce the chance of stale records the time of items in the cache is of 1 day on Windows clients. The DNS Client service in Windows is the one that manages t...
https://www.darkoperator.com/blog/2020/1/14/getting-dns-client-cached-entries-with-cimwmi 
🔥🔥
 
Published: 2020 02 03 10:00:00
Received: 2022 04 14 12:06:17
Feed: Blog
Source: Blog
Category: Cyber Security
Topic: Cyber Security
Article: Tracking WMI Activity with PSGumshoe - published over 2 years ago.
Content: WMI (Windows Management Instrumentation) is the Microsoft implementation of the Web-Based Enterprise Management (WBEM) and Common Information Model (CIM) standards from the Distributed Management Task Force (DMTF). This allows for a unified way to manage a group of systems by administrators allowing them to get information about the system, its current state...
https://www.darkoperator.com/blog/2022/3/27/tracking-wmi-activity-with-psgumshoe 
🔥🔥
 
Published: 2022 03 27 17:18:01
Received: 2022 04 14 12:06:16
Feed: Blog
Source: Blog
Category: Cyber Security
Topic: Cyber Security
12:06 How Much Your Org Reaction to a Tweet Says?
🔥🔥
12:06 Basics of Tracking WMI Activity
🔥🔥
12:06 Sysinternals Sysmon 6.10 Tracking of Permanent WMI Events
🔥🔥
12:06 Update to Pentest Metasploit Plugin
🔥🔥
12:06 Basics of The Metasploit Framework API - IRB Setup
🔥🔥
12:06 Switching Ruby Version in RVM for Metasploit Development
🔥🔥
12:06 Windows Defender Exploit Guard ASR VBScript/JS Rule
🔥🔥
12:06 Windows Defender Exploit Guard ASR Obfuscated Script Rule
🔥🔥
12:06 Windows Defender Exploit Guard ASR Rules for Office
🔥🔥
12:06 Operational Look at Sysinternals Sysmon 6.20 Update
🔥🔥
12:06 Rebuilding My Playbook .. Knowledge Base
🔥🔥
12:06 Operating Offensively Against Sysmon
🔥🔥
12:06 Getting DNS Client Cached Entries with CIM/WMI
🔥🔥
12:06 Tracking WMI Activity with PSGumshoe
🔥🔥
Articles recieved 23/03/2022
Article: Home Lab - VPN - published over 7 years ago.
Content: Since our lab is isolated from the home network behind the router we need a way to access the VM's inside from our research systems. To access the systems behind the router we can use a VPN. With VyOS we have 2 options:L2TP/IPSec - Native support on Windows and OS X. Linux client support can be tricky.OpenVPN - Requires third party client installed, works we...
https://www.darkoperator.com/blog/2017/2/5/home-lab-vpn 
🔥🔥
 
Published: 2017 03 09 11:50:29
Received: 2022 03 23 10:46:10
Feed: Blog
Source: Blog
Category: Cyber Security
Topic: Cyber Security
Article: How Much Your Org Reaction to a Tweet Says? - published over 7 years ago.
Content: Recently Tavis Ormandy a well known vulnerability researcher from Google made a tweet about a vulnerability he and researcher Natalie Silvanovich from Google Project Zero found on the Windows OS that could be wormable.  ...
https://www.darkoperator.com/blog/2017/5/7/how-much-your-org-reaction-to-a-tweet-says 
🔥🔥
 
Published: 2017 05 07 21:51:27
Received: 2022 03 23 10:46:10
Feed: Blog
Source: Blog
Category: Cyber Security
Topic: Cyber Security
Article: Basics of Tracking WMI Activity - published about 7 years ago.
Content: WMI (Windows Management Instrumentation) has been part of the Windows Operating System since since Windows 2000 when it was included in the OS. The technology has been of great value to system administrators by providing ways to pull all types of information, configure components and take action based on state of several components of the OS. Due to this fle...
https://www.darkoperator.com/blog/2017/10/14/basics-of-tracking-wmi-activity 
🔥🔥
 
Published: 2017 10 16 12:00:00
Received: 2022 03 23 10:46:10
Feed: Blog
Source: Blog
Category: Cyber Security
Topic: Cyber Security
Article: Sysinternals Sysmon 6.10 Tracking of Permanent WMI Events - published about 7 years ago.
Content: In my previous blog post I covered how Microsoft has enhanced WMI logging in the latest versions of their client and server operating systems. WMI Permanent event logging was also added in version 6.10 specific events for logging permanent event actions. The new events are:Event ID 19: WmiEvent (WmiEventFilter activity detected). When a WMI event filter is r...
https://www.darkoperator.com/blog/2017/10/15/sysinternals-sysmon-610-tracking-of-permanent-wmi-events 
🔥🔥
 
Published: 2017 10 18 12:00:00
Received: 2022 03 23 10:46:10
Feed: Blog
Source: Blog
Category: Cyber Security
Topic: Cyber Security
Article: Update to Pentest Metasploit Plugin - published about 7 years ago.
Content: I recently update my Metasploit Pentest Plugin . I added 2 new commands to the plugin and fixed issues when printing information as a table. The update are small ones.Lets take a look at the changes for the plugin. We can start by loading the plugin in a Metasploit Framework session. msf > load pentest ___ _ _ ___ _ ...
https://www.darkoperator.com/blog/2017/10/17/update-to-pentest-metasploit-plugin 
🔥🔥
 
Published: 2017 10 19 12:00:00
Received: 2022 03 23 10:46:10
Feed: Blog
Source: Blog
Category: Cyber Security
Topic: Cyber Security
Article: Basics of The Metasploit Framework API - IRB Setup - published about 7 years ago.
Content: Those of you who have taken my "Automating Metasploit Framework" class all this material should not be new. I have decided to start making a large portion of the class available here in the blog as a series. On this post I will cover the basics of setting up IRB so we can start exploring in a general sense the Metasploit Framework API. The API is extensive a...
https://www.darkoperator.com/blog/2017/10/21/basics-of-the-metasploit-framework-irb-setup 
🔥🔥
 
Published: 2017 10 23 12:00:00
Received: 2022 03 23 10:46:10
Feed: Blog
Source: Blog
Category: Cyber Security
Topic: Cyber Security
Article: Switching Ruby Version in RVM for Metasploit Development - published about 7 years ago.
Content: If you have setup a development environment with RVM to do development in Metasploit Framework you are bound to encounter that the Metasploit team has changed preferred Ruby versions. carlos@ubuntu:/opt$ cd metasploit-framework/ ruby-2.4.2 is not installed. To install do: 'rvm install ruby-2.4.2' You get a useful message that mentions the RVM command yo...
https://www.darkoperator.com/blog/2017/10/22/switching-ruby-version-in-rvm-for-metasploit-development 
🔥🔥
 
Published: 2017 10 25 12:00:00
Received: 2022 03 23 10:46:10
Feed: Blog
Source: Blog
Category: Cyber Security
Topic: Cyber Security
Article: Windows Defender Exploit Guard ASR VBScript/JS Rule - published about 7 years ago.
Content: Microsoft has been adding to Windows 10 the features of the Enhanced Mitigation Experience Toolkit (EMET) in to the OS. On the 1709 release they added more features and expanded on them as part of Windows Defender Exploit Guard One of the features of great interest for me is Attack Surface Reduction. I have used this feature in EMET with great success as a m...
https://www.darkoperator.com/blog/2017/11/6/windows-defender-exploit-guard-asr-vbscriptjs-rule 
🔥🔥
 
Published: 2017 11 07 12:00:00
Received: 2022 03 23 10:46:10
Feed: Blog
Source: Blog
Category: Cyber Security
Topic: Cyber Security
Article: Windows Defender Exploit Guard ASR Obfuscated Script Rule - published about 7 years ago.
Content: On this blog post I will cover my testing of the Attack Surface Reduction rule for Potentially Obfuscated Scripts. This is one of the features that intrigued me the most. One obfuscates the scripts for several reasons:Bypass detection controls like AV, automatic log analysis and other controls. Hinder analysis of the script to determine its purpose and actio...
https://www.darkoperator.com/blog/2017/11/8/windows-defender-exploit-guard-asr-obfuscated-script-rule 
🔥🔥
 
Published: 2017 11 08 12:00:00
Received: 2022 03 23 10:46:09
Feed: Blog
Source: Blog
Category: Cyber Security
Topic: Cyber Security
Article: Windows Defender Exploit Guard ASR Rules for Office - published about 7 years ago.
Content: On this blog post I continue looking at the ASR rules, this time I'm looking at the ASR rules for Office.  The ASR rules for office are:Block Office applications from creating child processesBlock Office applications from creating executable contentBlock Office applications from injecting code into other processesBlock Win32 API calls from Office macroThese ...
https://www.darkoperator.com/blog/2017/11/11/windows-defender-exploit-guard-asr-rules-for-office 
🔥🔥
 
Published: 2017 11 14 11:00:00
Received: 2022 03 23 10:46:09
Feed: Blog
Source: Blog
Category: Cyber Security
Topic: Cyber Security
Article: Operational Look at Sysinternals Sysmon 6.20 Update - published almost 7 years ago.
Content: Sysmon has been a game changer for many organizations allowing their teams to fine tune their detection of malicious activity when combined with tools that aggregate and correlate events.  A new version of Symon was recently released. Version 6.20 fixes bugs and adds new features. Some the of the note worthy changes for me are:Enhancements in WMI Logging. Ab...
https://www.darkoperator.com/blog/2017/11/24/operational-look-at-sysinternals-sysmon-620-update 
🔥🔥
 
Published: 2017 11 27 11:00:00
Received: 2022 03 23 10:46:09
Feed: Blog
Source: Blog
Category: Cyber Security
Topic: Cyber Security
Article: Rebuilding My Playbook .. Knowledge Base - published almost 7 years ago.
Content: I find myself in the situation where I lost my personal playbook by user error. I accidentally deleted the VM where I ran xWiki where it was kept and did not realized the mistake until days later. Even if painful to rebuild it is a good opportunity to think on how to better organize it and put it in a more flexible format.  I Initially called my collection o...
https://www.darkoperator.com/blog/2017/12/10/nmba1hrmndda8m3eo7ipoh7bxvphz4 
🔥🔥
 
Published: 2017 12 13 11:00:00
Received: 2022 03 23 10:46:09
Feed: Blog
Source: Blog
Category: Cyber Security
Topic: Cyber Security
Article: Operating Offensively Against Sysmon - published about 6 years ago.
Content: Sysmon is a tool written by Mark Russinovich that I have covered in multiple blog post and even wrote a PowerShell module called Posh-Sysmon to help with the generation of configuration files for it. Its main purpose is for the tracking of potentially malicious activity on individual hosts and it is based on the same technology as Procmon. It differs from ot...
https://www.darkoperator.com/blog/2018/10/5/operating-offensively-against-sysmon 
🔥🔥
 
Published: 2018 10 08 10:00:00
Received: 2022 03 23 10:46:09
Feed: Blog
Source: Blog
Category: Cyber Security
Topic: Cyber Security
Article: Getting DNS Client Cached Entries with CIM/WMI - published almost 5 years ago.
Content: What is DNS CacheThe DNS cache maintains a database of recent DNS resolution in memory. This allows for faster resolution of hosts that have been queried in the recent past. To keep this cache fresh and reduce the chance of stale records the time of items in the cache is of 1 day on Windows clients. The DNS Client service in Windows is the one that manages t...
https://www.darkoperator.com/blog/2020/1/14/getting-dns-client-cached-entries-with-cimwmi 
🔥🔥
 
Published: 2020 02 03 10:00:00
Received: 2022 03 23 10:46:09
Feed: Blog
Source: Blog
Category: Cyber Security
Topic: Cyber Security
10:46 Home Lab - VPN
🔥🔥
10:46 How Much Your Org Reaction to a Tweet Says?
🔥🔥
10:46 Basics of Tracking WMI Activity
🔥🔥
10:46 Sysinternals Sysmon 6.10 Tracking of Permanent WMI Events
🔥🔥
10:46 Update to Pentest Metasploit Plugin
🔥🔥
10:46 Basics of The Metasploit Framework API - IRB Setup
🔥🔥
10:46 Switching Ruby Version in RVM for Metasploit Development
🔥🔥
10:46 Windows Defender Exploit Guard ASR VBScript/JS Rule
🔥🔥
10:46 Windows Defender Exploit Guard ASR Obfuscated Script Rule
🔥🔥
10:46 Windows Defender Exploit Guard ASR Rules for Office
🔥🔥
10:46 Operational Look at Sysinternals Sysmon 6.20 Update
🔥🔥
10:46 Rebuilding My Playbook .. Knowledge Base
🔥🔥
10:46 Operating Offensively Against Sysmon
🔥🔥
10:46 Getting DNS Client Cached Entries with CIM/WMI
🔥🔥
Articles recieved 21/03/2022
Article: Sysmon for Linux PowerShell Module - published over 2 years ago.
Content:
https://www.darkoperator.com/blog/2022/3/21/sysmon-linux-powershell-module 
🔥🔥
 
Published: 2022 03 21 10:00:00
Received: 2022 03 21 10:06:07
Feed: Blog
Source: Blog
Category: Cyber Security
Topic: Cyber Security
10:06 Sysmon for Linux PowerShell Module
🔥🔥
Articles recieved 11/03/2022
Article: Posh-Sysmon Module for Creating Sysmon Configuration Files - published almost 8 years ago.
Content: Why a PowerShell ModuleSysmon configuration can be complex in addition to hard to maintain by hand. For this purpose I created a module called Posh-Sysmon some time ago to aid in the creation and maintenance of configuration files. The module was initially written after the release of version 2.0 and has been maintained and expanded as new version have been ...
https://www.darkoperator.com/blog/2017/2/17/posh-sysmon-powershell-module-for-creating-sysmon-configuration-files 
🔥🔥
 
Published: 2017 02 20 11:00:00
Received: 2022 03 11 16:06:21
Feed: Blog
Source: Blog
Category: Cyber Security
Topic: Cyber Security
Article: Home Lab - VPN - published over 7 years ago.
Content: Since our lab is isolated from the home network behind the router we need a way to access the VM's inside from our research systems. To access the systems behind the router we can use a VPN. With VyOS we have 2 options:L2TP/IPSec - Native support on Windows and OS X. Linux client support can be tricky.OpenVPN - Requires third party client installed, works we...
https://www.darkoperator.com/blog/2017/2/5/home-lab-vpn 
🔥🔥
 
Published: 2017 03 09 11:50:29
Received: 2022 03 11 16:06:21
Feed: Blog
Source: Blog
Category: Cyber Security
Topic: Cyber Security
Article: How Much Your Org Reaction to a Tweet Says? - published over 7 years ago.
Content: Recently Tavis Ormandy a well known vulnerability researcher from Google made a tweet about a vulnerability he and researcher Natalie Silvanovich from Google Project Zero found on the Windows OS that could be wormable.  ...
https://www.darkoperator.com/blog/2017/5/7/how-much-your-org-reaction-to-a-tweet-says 
🔥🔥
 
Published: 2017 05 07 21:51:27
Received: 2022 03 11 16:06:21
Feed: Blog
Source: Blog
Category: Cyber Security
Topic: Cyber Security
Article: Basics of Tracking WMI Activity - published about 7 years ago.
Content: WMI (Windows Management Instrumentation) has been part of the Windows Operating System since since Windows 2000 when it was included in the OS. The technology has been of great value to system administrators by providing ways to pull all types of information, configure components and take action based on state of several components of the OS. Due to this fle...
https://www.darkoperator.com/blog/2017/10/14/basics-of-tracking-wmi-activity 
🔥🔥
 
Published: 2017 10 16 12:00:00
Received: 2022 03 11 16:06:21
Feed: Blog
Source: Blog
Category: Cyber Security
Topic: Cyber Security
Article: Sysinternals Sysmon 6.10 Tracking of Permanent WMI Events - published about 7 years ago.
Content: In my previous blog post I covered how Microsoft has enhanced WMI logging in the latest versions of their client and server operating systems. WMI Permanent event logging was also added in version 6.10 specific events for logging permanent event actions. The new events are:Event ID 19: WmiEvent (WmiEventFilter activity detected). When a WMI event filter is r...
https://www.darkoperator.com/blog/2017/10/15/sysinternals-sysmon-610-tracking-of-permanent-wmi-events 
🔥🔥
 
Published: 2017 10 18 12:00:00
Received: 2022 03 11 16:06:21
Feed: Blog
Source: Blog
Category: Cyber Security
Topic: Cyber Security
Article: Update to Pentest Metasploit Plugin - published about 7 years ago.
Content: I recently update my Metasploit Pentest Plugin . I added 2 new commands to the plugin and fixed issues when printing information as a table. The update are small ones.Lets take a look at the changes for the plugin. We can start by loading the plugin in a Metasploit Framework session. msf > load pentest ___ _ _ ___ _ ...
https://www.darkoperator.com/blog/2017/10/17/update-to-pentest-metasploit-plugin 
🔥🔥
 
Published: 2017 10 19 12:00:00
Received: 2022 03 11 16:06:21
Feed: Blog
Source: Blog
Category: Cyber Security
Topic: Cyber Security
Article: Basics of The Metasploit Framework API - IRB Setup - published about 7 years ago.
Content: Those of you who have taken my "Automating Metasploit Framework" class all this material should not be new. I have decided to start making a large portion of the class available here in the blog as a series. On this post I will cover the basics of setting up IRB so we can start exploring in a general sense the Metasploit Framework API. The API is extensive a...
https://www.darkoperator.com/blog/2017/10/21/basics-of-the-metasploit-framework-irb-setup 
🔥🔥
 
Published: 2017 10 23 12:00:00
Received: 2022 03 11 16:06:21
Feed: Blog
Source: Blog
Category: Cyber Security
Topic: Cyber Security
Article: Switching Ruby Version in RVM for Metasploit Development - published about 7 years ago.
Content: If you have setup a development environment with RVM to do development in Metasploit Framework you are bound to encounter that the Metasploit team has changed preferred Ruby versions. carlos@ubuntu:/opt$ cd metasploit-framework/ ruby-2.4.2 is not installed. To install do: 'rvm install ruby-2.4.2' You get a useful message that mentions the RVM command you nee...
https://www.darkoperator.com/blog/2017/10/22/switching-ruby-version-in-rvm-for-metasploit-development 
🔥🔥
 
Published: 2017 10 25 12:00:00
Received: 2022 03 11 16:06:21
Feed: Blog
Source: Blog
Category: Cyber Security
Topic: Cyber Security
Article: Windows Defender Exploit Guard ASR VBScript/JS Rule - published about 7 years ago.
Content: Microsoft has been adding to Windows 10 the features of the Enhanced Mitigation Experience Toolkit (EMET) in to the OS. On the 1709 release they added more features and expanded on them as part of Windows Defender Exploit Guard One of the features of great interest for me is Attack Surface Reduction. I have used this feature in EMET with great success as a m...
https://www.darkoperator.com/blog/2017/11/6/windows-defender-exploit-guard-asr-vbscriptjs-rule 
🔥🔥
 
Published: 2017 11 07 12:00:00
Received: 2022 03 11 16:06:20
Feed: Blog
Source: Blog
Category: Cyber Security
Topic: Cyber Security
Article: Windows Defender Exploit Guard ASR Obfuscated Script Rule - published about 7 years ago.
Content: On this blog post I will cover my testing of the Attack Surface Reduction rule for Potentially Obfuscated Scripts. This is one of the features that intrigued me the most. One obfuscates the scripts for several reasons:Bypass detection controls like AV, automatic log analysis and other controls. Hinder analysis of the script to determine its purpose and actio...
https://www.darkoperator.com/blog/2017/11/8/windows-defender-exploit-guard-asr-obfuscated-script-rule 
🔥🔥
 
Published: 2017 11 08 12:00:00
Received: 2022 03 11 16:06:20
Feed: Blog
Source: Blog
Category: Cyber Security
Topic: Cyber Security
Article: Windows Defender Exploit Guard ASR Rules for Office - published about 7 years ago.
Content: On this blog post I continue looking at the ASR rules, this time I'm looking at the ASR rules for Office.  The ASR rules for office are:Block Office applications from creating child processesBlock Office applications from creating executable contentBlock Office applications from injecting code into other processesBlock Win32 API calls from Office macroThese ...
https://www.darkoperator.com/blog/2017/11/11/windows-defender-exploit-guard-asr-rules-for-office 
🔥🔥
 
Published: 2017 11 14 11:00:00
Received: 2022 03 11 16:06:20
Feed: Blog
Source: Blog
Category: Cyber Security
Topic: Cyber Security
Article: Operational Look at Sysinternals Sysmon 6.20 Update - published almost 7 years ago.
Content: Sysmon has been a game changer for many organizations allowing their teams to fine tune their detection of malicious activity when combined with tools that aggregate and correlate events.  A new version of Symon was recently released. Version 6.20 fixes bugs and adds new features. Some the of the note worthy changes for me are:Enhancements in WMI Logging. Ab...
https://www.darkoperator.com/blog/2017/11/24/operational-look-at-sysinternals-sysmon-620-update 
🔥🔥
 
Published: 2017 11 27 11:00:00
Received: 2022 03 11 16:06:20
Feed: Blog
Source: Blog
Category: Cyber Security
Topic: Cyber Security
Article: Rebuilding My Playbook .. Knowledge Base - published almost 7 years ago.
Content: I find myself in the situation where I lost my personal playbook by user error. I accidentally deleted the VM where I ran xWiki where it was kept and did not realized the mistake until days later. Even if painful to rebuild it is a good opportunity to think on how to better organize it and put it in a more flexible format.  I Initially called my collection o...
https://www.darkoperator.com/blog/2017/12/10/nmba1hrmndda8m3eo7ipoh7bxvphz4 
🔥🔥
 
Published: 2017 12 13 11:00:00
Received: 2022 03 11 16:06:20
Feed: Blog
Source: Blog
Category: Cyber Security
Topic: Cyber Security
Article: Operating Offensively Against Sysmon - published about 6 years ago.
Content: Sysmon is a tool written by Mark Russinovich that I have covered in multiple blog post and even wrote a PowerShell module called Posh-Sysmon to help with the generation of configuration files for it. Its main purpose is for the tracking of potentially malicious activity on individual hosts and it is based on the same technology as Procmon. It differs from ot...
https://www.darkoperator.com/blog/2018/10/5/operating-offensively-against-sysmon 
🔥🔥
 
Published: 2018 10 08 10:00:00
Received: 2022 03 11 16:06:20
Feed: Blog
Source: Blog
Category: Cyber Security
Topic: Cyber Security
Article: Getting DNS Client Cached Entries with CIM/WMI - published almost 5 years ago.
Content: What is DNS CacheThe DNS cache maintains a database of recent DNS resolution in memory. This allows for faster resolution of hosts that have been queried in the recent past. To keep this cache fresh and reduce the chance of stale records the time of items in the cache is of 1 day on Windows clients. The DNS Client service in Windows is the one that manages t...
https://www.darkoperator.com/blog/2020/1/14/getting-dns-client-cached-entries-with-cimwmi 
🔥🔥
 
Published: 2020 02 03 10:00:00
Received: 2022 03 11 16:06:20
Feed: Blog
Source: Blog
Category: Cyber Security
Topic: Cyber Security
16:06 Posh-Sysmon Module for Creating Sysmon Configuration Files
🔥🔥
16:06 Home Lab - VPN
🔥🔥
16:06 How Much Your Org Reaction to a Tweet Says?
🔥🔥
16:06 Basics of Tracking WMI Activity
🔥🔥
16:06 Sysinternals Sysmon 6.10 Tracking of Permanent WMI Events
🔥🔥
16:06 Update to Pentest Metasploit Plugin
🔥🔥
16:06 Basics of The Metasploit Framework API - IRB Setup
🔥🔥
16:06 Switching Ruby Version in RVM for Metasploit Development
🔥🔥
16:06 Windows Defender Exploit Guard ASR VBScript/JS Rule
🔥🔥
16:06 Windows Defender Exploit Guard ASR Obfuscated Script Rule
🔥🔥
16:06 Windows Defender Exploit Guard ASR Rules for Office
🔥🔥
16:06 Operational Look at Sysinternals Sysmon 6.20 Update
🔥🔥
16:06 Rebuilding My Playbook .. Knowledge Base
🔥🔥
16:06 Operating Offensively Against Sysmon
🔥🔥
16:06 Getting DNS Client Cached Entries with CIM/WMI
🔥🔥
Articles recieved 03/03/2022
Article: Home Lab - VPN - published over 7 years ago.
Content: Since our lab is isolated from the home network behind the router we need a way to access the VM's inside from our research systems. To access the systems behind the router we can use a VPN. With VyOS we have 2 options:L2TP/IPSec - Native support on Windows and OS X. Linux client support can be tricky.OpenVPN - Requires third party client installed, works we...
https://www.darkoperator.com/blog/2017/2/5/home-lab-vpn 
🔥🔥
 
Published: 2017 03 09 11:50:29
Received: 2022 03 03 07:06:06
Feed: Blog
Source: Blog
Category: Cyber Security
Topic: Cyber Security
Article: How Much Your Org Reaction to a Tweet Says? - published over 7 years ago.
Content: Recently Tavis Ormandy a well known vulnerability researcher from Google made a tweet about a vulnerability he and researcher Natalie Silvanovich from Google Project Zero found on the Windows OS that could be wormable.  ...
https://www.darkoperator.com/blog/2017/5/7/how-much-your-org-reaction-to-a-tweet-says 
🔥🔥
 
Published: 2017 05 07 21:51:27
Received: 2022 03 03 07:06:06
Feed: Blog
Source: Blog
Category: Cyber Security
Topic: Cyber Security
Article: Basics of Tracking WMI Activity - published about 7 years ago.
Content: WMI (Windows Management Instrumentation) has been part of the Windows Operating System since since Windows 2000 when it was included in the OS. The technology has been of great value to system administrators by providing ways to pull all types of information, configure components and take action based on state of several components of the OS. Due to this fle...
https://www.darkoperator.com/blog/2017/10/14/basics-of-tracking-wmi-activity 
🔥🔥
 
Published: 2017 10 16 12:00:00
Received: 2022 03 03 07:06:06
Feed: Blog
Source: Blog
Category: Cyber Security
Topic: Cyber Security
Article: Sysinternals Sysmon 6.10 Tracking of Permanent WMI Events - published about 7 years ago.
Content: In my previous blog post I covered how Microsoft has enhanced WMI logging in the latest versions of their client and server operating systems. WMI Permanent event logging was also added in version 6.10 specific events for logging permanent event actions. The new events are:Event ID 19: WmiEvent (WmiEventFilter activity detected). When a WMI event filter is r...
https://www.darkoperator.com/blog/2017/10/15/sysinternals-sysmon-610-tracking-of-permanent-wmi-events 
🔥🔥
 
Published: 2017 10 18 12:00:00
Received: 2022 03 03 07:06:06
Feed: Blog
Source: Blog
Category: Cyber Security
Topic: Cyber Security
Article: Update to Pentest Metasploit Plugin - published about 7 years ago.
Content: I recently update my Metasploit Pentest Plugin . I added 2 new commands to the plugin and fixed issues when printing information as a table. The update are small ones.Lets take a look at the changes for the plugin. We can start by loading the plugin in a Metasploit Framework session.msf > load pentest ___ _ _ ___ _ ...
https://www.darkoperator.com/blog/2017/10/17/update-to-pentest-metasploit-plugin 
🔥🔥
 
Published: 2017 10 19 12:00:00
Received: 2022 03 03 07:06:06
Feed: Blog
Source: Blog
Category: Cyber Security
Topic: Cyber Security
Article: Basics of The Metasploit Framework API - IRB Setup - published about 7 years ago.
Content: Those of you who have taken my "Automating Metasploit Framework" class all this material should not be new. I have decided to start making a large portion of the class available here in the blog as a series. On this post I will cover the basics of setting up IRB so we can start exploring in a general sense the Metasploit Framework API. The API is extensive a...
https://www.darkoperator.com/blog/2017/10/21/basics-of-the-metasploit-framework-irb-setup 
🔥🔥
 
Published: 2017 10 23 12:00:00
Received: 2022 03 03 07:06:06
Feed: Blog
Source: Blog
Category: Cyber Security
Topic: Cyber Security
Article: Windows Defender Exploit Guard ASR VBScript/JS Rule - published about 7 years ago.
Content: Microsoft has been adding to Windows 10 the features of the Enhanced Mitigation Experience Toolkit (EMET) in to the OS. On the 1709 release they added more features and expanded on them as part of Windows Defender Exploit Guard One of the features of great interest for me is Attack Surface Reduction. I have used this feature in EMET with great success as a m...
https://www.darkoperator.com/blog/2017/11/6/windows-defender-exploit-guard-asr-vbscriptjs-rule 
🔥🔥
 
Published: 2017 11 07 12:00:00
Received: 2022 03 03 07:06:06
Feed: Blog
Source: Blog
Category: Cyber Security
Topic: Cyber Security
Article: Windows Defender Exploit Guard ASR Obfuscated Script Rule - published about 7 years ago.
Content: On this blog post I will cover my testing of the Attack Surface Reduction rule for Potentially Obfuscated Scripts. This is one of the features that intrigued me the most. One obfuscates the scripts for several reasons:Bypass detection controls like AV, automatic log analysis and other controls. Hinder analysis of the script to determine its purpose and actio...
https://www.darkoperator.com/blog/2017/11/8/windows-defender-exploit-guard-asr-obfuscated-script-rule 
🔥🔥
 
Published: 2017 11 08 12:00:00
Received: 2022 03 03 07:06:06
Feed: Blog
Source: Blog
Category: Cyber Security
Topic: Cyber Security
Article: Windows Defender Exploit Guard ASR Rules for Office - published about 7 years ago.
Content: On this blog post I continue looking at the ASR rules, this time I'm looking at the ASR rules for Office.  The ASR rules for office are:Block Office applications from creating child processesBlock Office applications from creating executable contentBlock Office applications from injecting code into other processesBlock Win32 API calls from Office macroThese ...
https://www.darkoperator.com/blog/2017/11/11/windows-defender-exploit-guard-asr-rules-for-office 
🔥🔥
 
Published: 2017 11 14 11:00:00
Received: 2022 03 03 07:06:06
Feed: Blog
Source: Blog
Category: Cyber Security
Topic: Cyber Security
Article: Operational Look at Sysinternals Sysmon 6.20 Update - published almost 7 years ago.
Content: Sysmon has been a game changer for many organizations allowing their teams to fine tune their detection of malicious activity when combined with tools that aggregate and correlate events.  A new version of Symon was recently released. Version 6.20 fixes bugs and adds new features. Some the of the note worthy changes for me are:Enhancements in WMI Logging. Ab...
https://www.darkoperator.com/blog/2017/11/24/operational-look-at-sysinternals-sysmon-620-update 
🔥🔥
 
Published: 2017 11 27 11:00:00
Received: 2022 03 03 07:06:05
Feed: Blog
Source: Blog
Category: Cyber Security
Topic: Cyber Security
Article: Rebuilding My Playbook .. Knowledge Base - published almost 7 years ago.
Content: I find myself in the situation where I lost my personal playbook by user error. I accidentally deleted the VM where I ran xWiki where it was kept and did not realized the mistake until days later. Even if painful to rebuild it is a good opportunity to think on how to better organize it and put it in a more flexible format.  I Initially called my collection o...
https://www.darkoperator.com/blog/2017/12/10/nmba1hrmndda8m3eo7ipoh7bxvphz4 
🔥🔥
 
Published: 2017 12 13 11:00:00
Received: 2022 03 03 07:06:05
Feed: Blog
Source: Blog
Category: Cyber Security
Topic: Cyber Security
Article: Operating Offensively Against Sysmon - published about 6 years ago.
Content: Sysmon is a tool written by Mark Russinovich that I have covered in multiple blog post and even wrote a PowerShell module called Posh-Sysmon to help with the generation of configuration files for it. Its main purpose is for the tracking of potentially malicious activity on individual hosts and it is based on the same technology as Procmon. It differs from ot...
https://www.darkoperator.com/blog/2018/10/5/operating-offensively-against-sysmon 
🔥🔥
 
Published: 2018 10 08 10:00:00
Received: 2022 03 03 07:06:05
Feed: Blog
Source: Blog
Category: Cyber Security
Topic: Cyber Security
07:06 Home Lab - VPN
🔥🔥
07:06 How Much Your Org Reaction to a Tweet Says?
🔥🔥
07:06 Basics of Tracking WMI Activity
🔥🔥
07:06 Sysinternals Sysmon 6.10 Tracking of Permanent WMI Events
🔥🔥
07:06 Update to Pentest Metasploit Plugin
🔥🔥
07:06 Basics of The Metasploit Framework API - IRB Setup
🔥🔥
07:06 Windows Defender Exploit Guard ASR VBScript/JS Rule
🔥🔥
07:06 Windows Defender Exploit Guard ASR Obfuscated Script Rule
🔥🔥
07:06 Windows Defender Exploit Guard ASR Rules for Office
🔥🔥
07:06 Operational Look at Sysinternals Sysmon 6.20 Update
🔥🔥
07:06 Rebuilding My Playbook .. Knowledge Base
🔥🔥
07:06 Operating Offensively Against Sysmon
🔥🔥
Articles recieved 06/06/2021
Article: Posh-Sysmon Module for Creating Sysmon Configuration Files - published almost 8 years ago.
Content: Why a PowerShell ModuleSysmon configuration can be complex in addition to hard to maintain by hand. For this purpose I created a module called Posh-Sysmon some time ago to aid in the creation and maintenance of configuration files. The module was initially written after the release of version 2.0 and has been maintained and expanded as new version have been ...
https://www.darkoperator.com/blog/2017/2/17/posh-sysmon-powershell-module-for-creating-sysmon-configuration-files 
🔥🔥
 
Published: 2017 02 20 11:00:00
Received: 2021 06 06 09:05:08
Feed: Blog
Source: Blog
Category: Cyber Security
Topic: Cyber Security
Article: Home Lab - VPN - published over 7 years ago.
Content: Since our lab is isolated from the home network behind the router we need a way to access the VM's inside from our research systems. To access the systems behind the router we can use a VPN. With VyOS we have 2 options:L2TP/IPSec - Native support on Windows and OS X. Linux client support can be tricky.OpenVPN - Requires third party client installed, works we...
https://www.darkoperator.com/blog/2017/2/5/home-lab-vpn 
🔥🔥
 
Published: 2017 03 09 11:50:29
Received: 2021 06 06 09:05:08
Feed: Blog
Source: Blog
Category: Cyber Security
Topic: Cyber Security
Article: How Much Your Org Reaction to a Tweet Says? - published over 7 years ago.
Content: Recently Tavis Ormandy a well known vulnerability researcher from Google made a tweet about a vulnerability he and researcher Natalie Silvanovich from Google Project Zero found on the Windows OS that could be wormable.  ...
https://www.darkoperator.com/blog/2017/5/7/how-much-your-org-reaction-to-a-tweet-says 
🔥🔥
 
Published: 2017 05 07 21:51:27
Received: 2021 06 06 09:05:08
Feed: Blog
Source: Blog
Category: Cyber Security
Topic: Cyber Security
Article: WanaCry Shows a Operational and Human Problem - published over 7 years ago.
Content: This last couple of day the headline has been the WannaCry ransomeware worm. I have seen many discussion about the technical aspects of it, about the disclosure of the vulnerability and debates of who is at fault for its widespread effect (Microsoft, NSA, Shadow Brokers ..etc). Yet the big elephant in the room remains that this is history that will repeat it...
https://www.darkoperator.com/blog/2017/5/14/wanacry-a-operational-and-business-problem 
🔥🔥
 
Published: 2017 05 15 01:53:31
Received: 2021 06 06 09:05:08
Feed: Blog
Source: Blog
Category: Cyber Security
Topic: Cyber Security
Article: Basics of Tracking WMI Activity - published about 7 years ago.
Content: WMI (Windows Management Instrumentation) has been part of the Windows Operating System since since Windows 2000 when it was included in the OS. The technology has been of great value to system administrators by providing ways to pull all types of information, configure components and take action based on state of several components of the OS. Due to this fle...
https://www.darkoperator.com/blog/2017/10/14/basics-of-tracking-wmi-activity 
🔥🔥
 
Published: 2017 10 16 12:00:00
Received: 2021 06 06 09:05:08
Feed: Blog
Source: Blog
Category: Cyber Security
Topic: Cyber Security
Article: Sysinternals Sysmon 6.10 Tracking of Permanent WMI Events - published about 7 years ago.
Content: In my previous blog post I covered how Microsoft has enhanced WMI logging in the latest versions of their client and server operating systems. WMI Permanent event logging was also added in version 6.10 specific events for logging permanent event actions. The new events are:Event ID 19: WmiEvent (WmiEventFilter activity detected). When a WMI event filter is r...
https://www.darkoperator.com/blog/2017/10/15/sysinternals-sysmon-610-tracking-of-permanent-wmi-events 
🔥🔥
 
Published: 2017 10 18 12:00:00
Received: 2021 06 06 09:05:08
Feed: Blog
Source: Blog
Category: Cyber Security
Topic: Cyber Security
Article: Update to Pentest Metasploit Plugin - published about 7 years ago.
Content: I recently update my Metasploit Pentest Plugin . I added 2 new commands to the plugin and fixed issues when printing information as a table. The update are small ones.Lets take a look at the changes for the plugin. We can start by loading the plugin in a Metasploit Framework session.msf > load pentest ___ _ _ ___ _ ...
https://www.darkoperator.com/blog/2017/10/17/update-to-pentest-metasploit-plugin 
🔥🔥
 
Published: 2017 10 19 12:00:00
Received: 2021 06 06 09:05:08
Feed: Blog
Source: Blog
Category: Cyber Security
Topic: Cyber Security
Article: Basics of The Metasploit Framework API - IRB Setup - published about 7 years ago.
Content: Those of you who have taken my "Automating Metasploit Framework" class all this material should not be new. I have decided to start making a large portion of the class available here in the blog as a series. On this post I will cover the basics of setting up IRB so we can start exploring in a general sense the Metasploit Framework API. The API is extensive a...
https://www.darkoperator.com/blog/2017/10/21/basics-of-the-metasploit-framework-irb-setup 
🔥🔥
 
Published: 2017 10 23 12:00:00
Received: 2021 06 06 09:05:08
Feed: Blog
Source: Blog
Category: Cyber Security
Topic: Cyber Security
Article: Switching Ruby Version in RVM for Metasploit Development - published about 7 years ago.
Content: If you have setup a development environment with RVM to do development in Metasploit Framework you are bound to encounter that the Metasploit team has changed preferred Ruby versions.carlos@ubuntu:/opt$ cd metasploit-framework/ ruby-2.4.2 is not installed. To install do: 'rvm install ruby-2.4.2' You get a useful message that mentions the RVM command you need...
https://www.darkoperator.com/blog/2017/10/22/switching-ruby-version-in-rvm-for-metasploit-development 
🔥🔥
 
Published: 2017 10 25 12:00:00
Received: 2021 06 06 09:05:08
Feed: Blog
Source: Blog
Category: Cyber Security
Topic: Cyber Security
Article: Windows Defender Exploit Guard ASR VBScript/JS Rule - published about 7 years ago.
Content: Microsoft has been adding to Windows 10 the features of the Enhanced Mitigation Experience Toolkit (EMET) in to the OS. On the 1709 release they added more features and expanded on them as part of Windows Defender Exploit Guard One of the features of great interest for me is Attack Surface Reduction. I have used this feature in EMET with great success as a m...
https://www.darkoperator.com/blog/2017/11/6/windows-defender-exploit-guard-asr-vbscriptjs-rule 
🔥🔥
 
Published: 2017 11 07 12:00:00
Received: 2021 06 06 09:05:08
Feed: Blog
Source: Blog
Category: Cyber Security
Topic: Cyber Security
Article: Windows Defender Exploit Guard ASR Obfuscated Script Rule - published about 7 years ago.
Content: On this blog post I will cover my testing of the Attack Surface Reduction rule for Potentially Obfuscated Scripts. This is one of the features that intrigued me the most. One obfuscates the scripts for several reasons:Bypass detection controls like AV, automatic log analysis and other controls. Hinder analysis of the script to determine its purpose and actio...
https://www.darkoperator.com/blog/2017/11/8/windows-defender-exploit-guard-asr-obfuscated-script-rule 
🔥🔥
 
Published: 2017 11 08 12:00:00
Received: 2021 06 06 09:05:08
Feed: Blog
Source: Blog
Category: Cyber Security
Topic: Cyber Security
Article: Windows Defender Exploit Guard ASR Rules for Office - published about 7 years ago.
Content: On this blog post I continue looking at the ASR rules, this time I'm looking at the ASR rules for Office.  The ASR rules for office are:Block Office applications from creating child processesBlock Office applications from creating executable contentBlock Office applications from injecting code into other processesBlock Win32 API calls from Office macroThese ...
https://www.darkoperator.com/blog/2017/11/11/windows-defender-exploit-guard-asr-rules-for-office 
🔥🔥
 
Published: 2017 11 14 11:00:00
Received: 2021 06 06 09:05:08
Feed: Blog
Source: Blog
Category: Cyber Security
Topic: Cyber Security
Article: Some Comments and Thoughts on Tradecraft - published about 7 years ago.
Content: I have been writing a series on the new Windows Defender Exploit Guard features on Attack Surface Reduction where I cover my research on it. I'm researching the controls to add the information in to my personal playbook. Surprisingly in conversations with some Red Teamers I know they dismissed the information as it is a Blue/Defense technology. These comment...
https://www.darkoperator.com/blog/2017/11/20/some-comments-and-thoughts-on-tradecraft 
🔥🔥
 
Published: 2017 11 20 11:00:00
Received: 2021 06 06 09:05:08
Feed: Blog
Source: Blog
Category: Cyber Security
Topic: Cyber Security
Article: Operational Look at Sysinternals Sysmon 6.20 Update - published almost 7 years ago.
Content: Sysmon has been a game changer for many organizations allowing their teams to fine tune their detection of malicious activity when combined with tools that aggregate and correlate events.  A new version of Symon was recently released. Version 6.20 fixes bugs and adds new features. Some the of the note worthy changes for me are:Enhancements in WMI Logging. Ab...
https://www.darkoperator.com/blog/2017/11/24/operational-look-at-sysinternals-sysmon-620-update 
🔥🔥
 
Published: 2017 11 27 11:00:00
Received: 2021 06 06 09:05:08
Feed: Blog
Source: Blog
Category: Cyber Security
Topic: Cyber Security
Article: Rebuilding My Playbook .. Knowledge Base - published almost 7 years ago.
Content: I find myself in the situation where I lost my personal playbook by user error. I accidentally deleted the VM where I ran xWiki where it was kept and did not realized the mistake until days later. Even if painful to rebuild it is a good opportunity to think on how to better organize it and put it in a more flexible format.  I Initially called my collection o...
https://www.darkoperator.com/blog/2017/12/10/nmba1hrmndda8m3eo7ipoh7bxvphz4 
🔥🔥
 
Published: 2017 12 13 11:00:00
Received: 2021 06 06 09:05:08
Feed: Blog
Source: Blog
Category: Cyber Security
Topic: Cyber Security
Article: Operating Offensively Against Sysmon - published about 6 years ago.
Content: Sysmon is a tool written by Mark Russinovich that I have covered in multiple blog post and even wrote a PowerShell module called Posh-Sysmon to help with the generation of configuration files for it. Its main purpose is for the tracking of potentially malicious activity on individual hosts and it is based on the same technology as Procmon. It differs from ot...
https://www.darkoperator.com/blog/2018/10/5/operating-offensively-against-sysmon 
🔥🔥
 
Published: 2018 10 08 10:00:00
Received: 2021 06 06 09:05:08
Feed: Blog
Source: Blog
Category: Cyber Security
Topic: Cyber Security
Article: Being Grateful at Heilderburg - published over 5 years ago.
Content: Recently while in the bar of the Crown Plaza in Heidelberg for the Troopers conference I became aware of the number of how grateful I should be for what I have in this industry. For what I’m grateful for is not technical or recognition but of the group of people in the industry, I have the honor to call friends. I would like to share some of them in this blo...
https://www.darkoperator.com/blog/2019/3/24/being-grateful-at-heilderburg 
🔥🔥
 
Published: 2019 03 25 01:06:52
Received: 2021 06 06 09:05:08
Feed: Blog
Source: Blog
Category: Cyber Security
Topic: Cyber Security
Article: Getting DNS Client Cached Entries with CIM/WMI - published almost 5 years ago.
Content: What is DNS CacheThe DNS cache maintains a database of recent DNS resolution in memory. This allows for faster resolution of hosts that have been queried in the recent past. To keep this cache fresh and reduce the chance of stale records the time of items in the cache is of 1 day on Windows clients. The DNS Client service in Windows is the one that manages t...
https://www.darkoperator.com/blog/2020/1/14/getting-dns-client-cached-entries-with-cimwmi 
🔥🔥
 
Published: 2020 02 03 10:00:00
Received: 2021 06 06 09:05:08
Feed: Blog
Source: Blog
Category: Cyber Security
Topic: Cyber Security
Article: Operational Thoughts in Trying Times - published over 4 years ago.
Content: This post is as much as a reminder to myself of where I should focus on the multiple jobs I have and also share with the community are large what I consider important and key in this trying times.  Last year a dinner I had a very nice conversation with my friend Ed Skoudis on security consultancies and how many operated. This conversation covered many aspect...
https://www.darkoperator.com/blog/2020/5/6/operational-thoughts-in-trying-times 
🔥🔥
 
Published: 2020 05 06 10:00:31
Received: 2021 06 06 09:05:08
Feed: Blog
Source: Blog
Category: Cyber Security
Topic: Cyber Security
Article: Beyond the Technical - Advise for those starting in Infosec - published almost 4 years ago.
Content:
https://www.darkoperator.com/blog/2020/12/28/beyond-the-technical-advise-for-those-starting-in-infosec 
🔥🔥
 
Published: 2020 12 28 12:00:00
Received: 2021 06 06 09:05:08
Feed: Blog
Source: Blog
Category: Cyber Security
Topic: Cyber Security
09:05 Posh-Sysmon Module for Creating Sysmon Configuration Files
🔥🔥
09:05 Home Lab - VPN
🔥🔥
09:05 How Much Your Org Reaction to a Tweet Says?
🔥🔥
09:05 WanaCry Shows a Operational and Human Problem
🔥🔥
09:05 Basics of Tracking WMI Activity
🔥🔥
09:05 Sysinternals Sysmon 6.10 Tracking of Permanent WMI Events
🔥🔥
09:05 Update to Pentest Metasploit Plugin
🔥🔥
09:05 Basics of The Metasploit Framework API - IRB Setup
🔥🔥
09:05 Switching Ruby Version in RVM for Metasploit Development
🔥🔥
09:05 Windows Defender Exploit Guard ASR VBScript/JS Rule
🔥🔥
09:05 Windows Defender Exploit Guard ASR Obfuscated Script Rule
🔥🔥
09:05 Windows Defender Exploit Guard ASR Rules for Office
🔥🔥
09:05 Some Comments and Thoughts on Tradecraft
🔥🔥
09:05 Operational Look at Sysinternals Sysmon 6.20 Update
🔥🔥
09:05 Rebuilding My Playbook .. Knowledge Base
🔥🔥
09:05 Operating Offensively Against Sysmon
🔥🔥
09:05 Being Grateful at Heilderburg
🔥🔥
09:05 Getting DNS Client Cached Entries with CIM/WMI
🔥🔥
09:05 Operational Thoughts in Trying Times
🔥🔥
09:05 Beyond the Technical - Advise for those starting in Infosec
🔥🔥
Cyber Tzar Free Score Certificate
Cyber Tzar Free Score Certificate
Cyber Tzar Your Score Explained
Cyber Tzar Your Score Explained
Cyber Tzar Gold Score Certificate
Cyber Tzar Gold Score Certificate
Cyber Tzar Score Analysis
Cyber Tzar Score Analysis
Navigation
Return to Planet "Home"
Ordered/grouped:
Filter applied:
Current page:
Go to "Navigation Help" (page end)
Articles in this collection: 291
  • "Home" links back to the front page, effectivly the Planet "Home Page"; shows all articles, with no selections, or groupings.
  • Default date ordering is by "Received Date" (due to not all RSS feeds having a "Published Date").
  • Authors is the most poorly serviced field in the articles we see from cyber security news providers.
  • Only Published Date selections use the articles Published Date (for ordering and grouping).
  • The first page always shows fifty items plus from zero to up to a remaining forty-nine items, before they are commited permently to the next page.
  • All subsequent pages show fifty items.
  • Pagination is in reverse ordering (so that pages are permamenent links, aka "permalinks", to their content).
  • Return to the top of this page "Go Now"

Custom HTML Block

Click to Open Code Editor