Automating Azure Just In Time VM Access
RDP Brute force When it comes to managing Azure virtual machines, administrators are usually using...
Date: 06/24/2018
Building a security lab in Azure
Building your own lab for security research or penetration testing is a must for any security...
Date: 05/11/2018
Avoiding credentials reuse attacks
Adversaries are reusing credentials all the time. How can you check and prevent...
Date: 05/06/2018
Invoke-Adversary – Simulating Adversary Operations
Invoke-Adversary is a PowerShell script that helps you to evaluate security products and monitoring...
Date: 04/09/2018
Setting up Kali Linux on Windows Subsystem for Linux
Kali Linux on Windows 10 "Kali Linux on Windows 10? What the hell?" – one might ask. But we are in...
Date: 03/07/2018
Detecting Kerberoasting activity using Azure Security Center
Kerberoasting, a term coined by Tim Medin, is a privilege escalation technique which proves to be...
Date: 02/23/2018
List of Azure Active Directory Audit Activities
Hi all, Audit logs in Azure Active Directory help customers to gain visibility about users and group...
Date: 02/12/2018
Deploying Sysmon through Group Policy (GPO) Preferences
In my previous post I explained how to leverage Group Policy Preferences to deploy and update Sysmon...
Date: 12/25/2017
Update: Sysmon configuration file version 8
This new version of config_v8.xml adds the latest additions from Sysmon: FileCreateStreamHash...
Date: 12/13/2017
Sysinternals Sysmon suspicious activity guide
The Sysmon tool from Sysinternals provides comprehensive monitoring of activities in the operating...
Date: 12/07/2017
Quickpost: Encrypting Azure Virtual Machine using BitLocker
Here are the steps that are required to encrypt the disk of Azure Virtual Machine. This is a very...
Date: 11/21/2017
Chasing Adversaries with Autoruns - evading techniques and countermeasures
Abstract Sysinternals Autoruns is a great utility for defenders to discover and disable malware and...
Date: 11/04/2017
Securing remote connections
Consider the following scenario: a standard user was tricked into running malicious code and his device...
Date: 09/21/2017
Locking up Your BitLocker
Hello, Today I want to talk about securing your Bitlocker-enabled devices against a common attack...
Date: 05/24/2017
Duck and cover or how AtomBombing is really unnecessarily alarmism
The so-called AtomBombing code injection technique discovered by Tal Liberman seemed to be getting a...
Date: 11/11/2016
Sysinternals Sysmon unleashed
Introduction Warning: This post recommends Sysmon monitoring policy implementations that are not...
Date: 10/18/2016
Process Monitor for Dynamic Malware Analysis
Sysinternals Process Monitor is a powerful tool for investigating and troubleshooting application...
Date: 05/04/2016
Get VirusTotal Report using PowerShell
VirusTotal is a free virus, malware and URL online scanning service. File checking is done with more...
Date: 12/13/2015
How to reset the password in Windows on Azure ARM based VM?
Azure has two different deployment models for creating and working with resources: Resource Manager...
Date: 11/29/2015
Five rules for a successful boot trace
Many words have been spoken about Slow Boot and Slow Login analysis, but today I want to focus on...
Date: 11/10/2015
List of SVCHOST related hotfixes for Windows 7, Windows 8, Windows Server 2012 and Windows Server 2012 R2
Notes: You should always check https://support.microsoft.com for the latest version of the different...
Date: 10/21/2015
Page File - The definitive guide
Hello! Today I will share with you my best practices for configuring the paging file in Windows...
Date: 10/15/2015
Hello World
Hello everyone. I'm Moti Bani, and I’ve been working in the IT industry for over 15 years, last 6 at...
Date: 10/13/2015