Security |

Tag Archives: Security

Jumphost Security

Posted on July 7, 2022 by Jan Geisbauer One comment

Let’s go quickly through an example in which an attacker has code execution on a Windows 10 box and opens a proxy channel to an attacker machine. The attacker then uses ‘proxychains’ which ingests all network output from defined tools on the attacker machine into the proxy tunnel to the Windows 10 box.

With that, we will be able to start an RDP session on the attacker machine, proxy it through the Win10 machine to the local Domain Controller.

The result of that is a Domain Controller that only sees an RDP connection coming from the Win10 box and no MSTSC process on this Win10 box. Please, read the last sentence again. This makes the detection of the attacker steps harder

Main Articles

Windows Credential Dumping

Posted on June 8, 2022 by Jan Geisbauer 2 comments

If you are interested in windows protection and detection techniques and how they behave under the various attacks on Windows credentials, this article is for you.

Main Articles

MDE Hunting 101

Posted on March 27, 2022 by Jan Geisbauer One comment

People that start working with Defender for Endpoint (MDE) often ask the question “where should I start when I see an alert in MDE?”. There is lot of valuable information available in the portal to help judge if an alert is a real incident or a false positive. Additionally, you can query the raw telemetry via KQL. But there is still lot of room for interpretation. So, what should you do to get started? And what is even more important: how do I keep the overview?

Main Articles

Hide and Seek

Posted on May 28, 2020 by Jan Geisbauer Leave a comment

In this article, I give you an example of how malware is hiding through packer techniques to prevent getting caught on your systems. For that, I have recorded a small ‘adventure’ for you that I took last night.

Main Articles

AI, Protect Me!

Posted on January 31, 2019 by Jan Geisbauer Leave a comment

Azure AD Identity Protection (IP) recently got a refresh (in preview). We will have a look into some of the enhancements.

Main Articles

Christmas Special: Peace between Security and Usability (by the example of Multifactor Authentication in Azure AD)

Posted on December 20, 2018 by Jan Geisbauer Leave a comment

One of the biggest problems of our times in IT is to pacify the long-lasting war between security and usability. We all know this picture here below that shows precisely human behavior: people will accept security, when its easy enough. Otherwise they will find their own way around security

Main Articles

100% Cloud will never happen!

Posted on November 29, 2018 by Jan Geisbauer Leave a comment

I like the idea of starting a brand-new blog site by the name of “Empty Datacenter – 100% Cloud” and then writing the first article, indicating that this will never happen.

But this is exactly what happens during the ‘cloud familiarization period’. The WHAT? Exactly.