
Learning Linux with Arch

· 14 min read
Dario Cruz
Maintainer of DarioCruz.dev


Hello all,

I know that there has been some time between my previous post and this one. In recent months I have taken on a new role and have been ensuring that I have been taking on my role's responsibilities and tasks. This hasn't left much in the way of time for learning and exploring, but now that everything has settled down, I can dig into some new topics.

Unit42 (HTB-Sherlock)

· 12 min read
Dario Cruz
Maintainer of DarioCruz.dev


Welcome back, everyone. The following Sherlock is being completed in preparation for taking the HTB CDSA exam. I came across a Medium blog post by the user Hammazahmed. He provides some advice for learning and practicing skills before taking the exam. Specifically, he mentioned this Sherlock investigation, along with some others: BFT, Noted, RogueOne (which I have completed; full write-up here), and Meerkat.

Campfire 2 (HTB-Sherlock)

· 5 min read
Dario Cruz
Maintainer of DarioCruz.dev

On to the second part of the Campfire Sherlock from Hack the Box. Again, if you have not read my previous write-up on Campfire 1, go check it out. The aim is to complete all Sherlocks in the Detecting Active Directory Attacks track on HTB labs. Time to investigate!

The Scenario

Forela's network is constantly under attack. The security system raised an alert about an old admin account requesting a ticket from the KDC on a domain controller. Inventory shows that this user account is not in use as of now, so you are tasked to take a look at this. This may be an AS-REP roasting attack, as anyone can request a ticket for any user that has preauthentication disabled.

Campfire 1 (HTB-Sherlock)

· 9 min read
Dario Cruz
Maintainer of DarioCruz.dev

Hack the Box recently created some learning tracks for their Sherlock labs. I recently enrolled in the Detecting Active Directory Attacks track, as I have already completed two of the Sherlocks included, Noxious and Reaper. Campfire 1 is the first in the series in this track and pairs up well with my article on Kerberoasting, as this investigation deals with a Kerberoasting attack. Let's get started!

The Scenario

Alonzo spotted weird files on his computer and informed the newly assembled SOC team. Assessing the situation, it is believed a Kerberoasting attack may have occurred in the network. It is your job to confirm the findings by analyzing the provided evidence. You are provided with:

1. Security logs from the Domain Controller
2. PowerShell-Operational logs from the affected workstation
3. Prefetch files from the affected workstation

Loggy (HTB-Sherlock)

· 13 min read
Dario Cruz
Maintainer of DarioCruz.dev

Hey all, it's been a while since my last Sherlock post, but rest assured I am still out here studying and learning. 🤓 Now let's dive into another investigation.

Scenario

Janice from accounting is beside herself! She was contacted by the SOC to tell her that her work credentials were found on the dark web by the threat intel team. We managed to recover some files from her machine and sent them to our REM analyst.

What I've Learned - Network Traffic Analysis

· 6 min read
Dario Cruz
Maintainer of DarioCruz.dev

I recently completed the Hack The Box module: Intro to Network Traffic Analysis. I have to say I really enjoyed this module, as we dived into the analysis process. The whole module gave me the feeling of being a private investigator/detective, digging through tons of information to look for anomalies or patterns that indicate compromise or a security event. Let's dig into what I learned over the course of the module and how it can be applied in practice.

Kerberoasting: What You Need To Know

· 8 min read
Dario Cruz
Maintainer of DarioCruz.dev

Hello Everyone! 👋

Today we will be learning about Kerberoasting, an attack that targets Kerberos. I decided to write an article about this topic as I am actively learning about the attack as a part of the Hack the Box CDSA certification.

To first understand what Kerberoasting is, we need to dive into Kerberos: what it is, what it offers, and how it works. That gives us better insight into how Kerberoasting attacks are carried out, and why threat actors persistently choose this method to gain access to AD environments.