Webinar takeaway: Atomic Red Team Hands-on Getting Started Guide

My key takeaways

The Atomic Red Team Project (ART) is a open source library of scripted attacks

ART uses the MITRE ATT&CK Matrix as structure

ART emulates what an Attacker might do after compromise; msf tries to make use of vulns in software

Emulating attacks helps to improve detection of attacks and comparing security products

Vectr.io is a feature rich tool and report framework for purple team collaboration

Atomics can be executed manually. Better use the PowerShell Execution Framework: Invoke-AtomicRedTeam

Windows Defender doesn't like ART, put it on the exclude list

Webinar takeaway – How to Detect and Respond to Business Email (M365) Compromise

My key takeaways BEC external-to-internal passes all technical security measures like SPF, DKIM and DMARC BEC internal-to-internal bypasses anti-spam solutions Get comfy with PowerShell to interact with M365 since Jan 2019 MS enabled mailbox auditing for Exchange Online CrowdStrike Reporting Tool also reviews excessive permissions in Azure AD If you are suspiscous to have a

Webinar takeaway: Hacking Packet Captures: The Foundations of Network Security

My key takeaways Zeek does not capture whole packets but saves summaries of all conversations it sees to log files saves time and space "You wouldn’t normally use Zeek for packet capture, instead you use it for analysis." – Bill Stearn Sending a lot more data then recieving might indicate malicious traffic use NetworkMiner to

Jean-Christoph von Oertzen

Blog

Infosec glossary

Webinar takeaway: Atomic Red Team Hands-on Getting Started Guide

My key takeaways

Env

additional links

You may also like

Webinar takeaway – How to Detect and Respond to Business Email (M365) Compromise

Webinar takeaway: Hacking Packet Captures: The Foundations of Network Security