red team Archives - Jean-Christoph von Oertzen

What Fantasy Role-Playing Games Can Teach Us About Cybersecurity Roles

jean-christoph — Fri, 14 Nov 2025 18:34:47 +0000

— And why your SOC might actually need a Bard 🐉⚔️ Cybersecurity teams are often compared to armies, fire brigades, or special forces. Personally? I think they’re much closer to a party of heroes in a classic fantasy role-playing game. No matter how many frameworks, SIEMs, or AI tools we summon, defending a digital kingdom […]

The post What Fantasy Role-Playing Games Can Teach Us About Cybersecurity Roles appeared first on Jean-Christoph von Oertzen.

Webinar takeaway – Offensive Windows Event Logs

jean-christoph — Thu, 08 Sep 2022 18:18:36 +0000

My key takeaways there is a POC proving persistence by writing/reading shellcode from Event Log the real issue is execution as it’s a blind spot for most EDR also Defender Event logs in win are in the registry Bindings of sources to specific log local admins can create a log/source and event log entries via […]

The post Webinar takeaway – Offensive Windows Event Logs appeared first on Jean-Christoph von Oertzen.

Webinar takeaway – A Master Class on Offensive MSBuild

jean-christoph — Wed, 26 Jan 2022 19:27:48 +0000

My key takeaways MSBuild is a binary that is installed by default on Windows no whitelisting required .csproj and .xml files are typical to interact with MSBuild Custom tasks are the juicy stuff Malicious code is placed in the execute function of the custom task and compiled into an dll xml will bypass detection a […]

The post Webinar takeaway – A Master Class on Offensive MSBuild appeared first on Jean-Christoph von Oertzen.

Webinar Takeaway: The Roundup by Wild West Hackin´ Fest: Red Team

jean-christoph — Fri, 13 Aug 2021 10:41:06 +0000

My key takeaways Red is a component of blue Blue can exist without red Red cannot exist without blue red w/o blue = criminal Security Operations Design is often built on existing environment, rarely built from scratch Threat definition: Risk = threat * vulnerability alt: Threat = ThreatActor + Intent + Tool/Technique Good intentions by […]

The post Webinar Takeaway: The Roundup by Wild West Hackin´ Fest: Red Team appeared first on Jean-Christoph von Oertzen.

Webinar takeaways: Attack Tactics 8 – Poison the Well

jean-christoph — Thu, 01 Jul 2021 18:27:25 +0000

My key takeaways Bad documents eg with macros enabled in SharePoint? No need to bypass phishing controls anymore! Documents are already trusted by users Difficult to trace M$ SmartLockout is effective to reduce direct attacks FireProx (AWS) or Proxycannon-ng (OpenVPN) can circumvent it unsolicited push notifications to bypass MFA can’t be reported as phish might […]

The post Webinar takeaways: Attack Tactics 8 – Poison the Well appeared first on Jean-Christoph von Oertzen.

Workshop takeaways: OSINT for Cyber Defenders

jean-christoph — Sun, 20 Jun 2021 11:09:27 +0000

My key takeaways Always do OSINT with the assumption in mind, that the software you are using is compromised Sock puppet accounts do not use real images like from Google Image Search as this might be considered identity theft in some countries make the email account information match you sock puppet use lastpass to store […]

The post Workshop takeaways: OSINT for Cyber Defenders appeared first on Jean-Christoph von Oertzen.

Webinar Takeaway: Getting Started in Pentesting The Cloud – Azure

jean-christoph — Thu, 27 May 2021 18:09:24 +0000

My key takeaways Hybrid environments make cloud to on-prem pivoting possible 3 attack surfaces external: public buckets internal resource access: internal to cloud internal api access: identify vulns via API calls & configuration analysis Azure and O365 are not the same Azure Resouce Manager : Subscriptions and Resources Microsoft Office 365: Productivity O365 accounts get […]

The post Webinar Takeaway: Getting Started in Pentesting The Cloud – Azure appeared first on Jean-Christoph von Oertzen.

Webinar Takeaway: Shellcode Execution with GoLang

jean-christoph — Thu, 20 May 2021 18:11:39 +0000

My key takeaways Go basics: local functions start with small letter, exported functions start with a capital letter walrus operator = declare and initialize in one statement like k := 3 the only loop is a for loop Go is truly a compiled language, it produces a machine native executable Shellcode: machine code native to […]

The post Webinar Takeaway: Shellcode Execution with GoLang appeared first on Jean-Christoph von Oertzen.

Webinar takeaway: Move Aside Script Kiddies: Malware Execution in the Age of Advanced Defenses

jean-christoph — Thu, 03 Dec 2020 19:02:11 +0000

My key takeaways it’s getting harder to execute malware in a lot of environments, also due to endpoint maturity 3 parts of an assumed compromise: priv esc, lateral movement, senstive data access Win10 is safer then ever, also Windows Defender has improved defense vendors have signatures for almost all metaspoilt machine code nowadays you can’t […]

The post Webinar takeaway: Move Aside Script Kiddies: Malware Execution in the Age of Advanced Defenses appeared first on Jean-Christoph von Oertzen.