Don’t Let Scheduled Tasks Compromise Your Security: 4 Ways to Detect and Prevent Them

Scheduled tasks are a powerful feature of Windows that allow you to automate tasks. However, they can also be a double-edged sword if they are hijacked by adversaries to launch attacks or maintain persistence. In this post, I will reveal 4 ways to detect and prevent scheduled tasks from compromising your security. 1. Monitoring the […]

Attack Surface Management 101: 3 Ways to Protect Your Online Assets

One thing I have learned after 15+ years in IT and Security is that knowing where all of your assets are and what they are is one of the most challenging projects you can manage. You can’t detect and respond to threats on systems you do not even know exist! The fact that Microsoft can […]

Reconnaissance: The First Step to Successful Penetration Testing

Reconnaissance is the process of gathering information about a target system or network before launching an attack. It is a crucial step in any penetration testing process, as it helps to identify the target’s vulnerabilities, weaknesses, and potential entry points. Reconnaissance can be performed in two ways: passively or actively. Passive reconnaissance involves collecting information […]

Dripping a Little Honey in Your Environment

Today I wanted to talk about using the deception technology called New-HoneyHash.ps1. This is a tool that was inspired by Mark Baggett and authored by Matt Graeber, that will inject fake credentials into the lsass.exe process. This can be effective at finding attackers who are dumping the lsass process in your environment in order to […]

Pivoting with SSH Tunnels and Plink

Today I wanted to do a blog post on pivoting with SSH tunnels and using Plink to forward connections to other computers, once you have a foothold in an environment. For this scenario, I used two Virtual Private Servers (VPS’s), my Kali VM, and my ESXi lab environment consisting of an Elastic Stack VM running […]

PrintNightmare and SSH Tunnels for Fun

Today I wanted to cover a subject that has been covered many times before, but writing about the techniques and tools I am learning helps me solidify my knowledge so here we go. Today’s post will be about, testing out the PrintNightmare exploit in my homelab through dynamic and remote SSH tunnels. I got the […]

To Catch a Hacker in My Home Lab – Atreides

Introduction This blog post will walk you through how to answer the questions that are contained in my Atreides scenario located here: https://github.com/medmondson44/dune/tree/main/atreides. The Jupyter Notebook file is located there. The blog post will go through the initial access vector, situational awareness commands that were run, persistence mechanism used, how privilege escalation to System was […]

Detecting mshta in a Home Lab

Today I wanted to do a quick blog post on how to test your security tools to find the Windows binary mshta.exe downloading a malicious .hta file. My setup is an Elastic Stack VM, a Windows endpoint configured with Elastic’s endpoint agent. In addition, I used a Parrot security VM as my attacking machine and […]

To Catch a Hacker in My Home Lab – Noabar

Today I wanted to write a blog post to answer the questions to the Noabar scenario located here: https://github.com/medmondson44/dune. A little background on what Noabar is, this is a Windows machine in my home lab that I attacked to create artifacts. There is a README file that has some question that can be answered based […]

SSH Tunnelling

In today’s blog post I wanted to talk about Secure Shell (SSH) and some of its powerful features. We will start with some of the basics such as what it is, what it does, and then more advanced concepts such as how an adversary can use it to hide themselves, through multiple layers of cloud […]