2022

How to run an MFA registration campaign in Azure

You can nudge users to set up Microsoft Authenticator during sign-in. Users will go through their regular sign-in, perform multifactor authentication as usual, and then be prompted to set up Microsoft Authenticator. In addition to choosing who can be nudged, you can define how many days a user can postpone, or "snooze", the nudge.

How to deploy Sysmon via GPO

In this blog post, we are going to look at how to deploy Sysmon to all endpoints via GPO. In my case, I forward all logs to my Windows Event Collector (WEC). My WEC has Winlogbeat installed, so I can centrally access all logs in Security Onion.

PCAP Analysis using Zeek

You've been handed a really large network capture and want to figure out whether there's anything malicious in it, but there is too much data to go through manually. How can you easily tell whether anything evil has happened or whether it's all normal traffic? There are a variety of excellent free tools for this, for example Zeek.

Analyzing Malicious PDF and Word Documents

How to handle PDF files and Word documents and extract malicious indicators from within them. This is something that happens nearly every day in a SOC. An example: a user reports phishing, and our job as Security Analysts is to figure out whether these files are indeed malicious. Safely, quickly and accurately.

HackTheBox - Toolbox

Toolbox is a Windows machine that involves a Docker Toolbox install. A Linux container is hosted, which serves a website that is vulnerable to SQL injection. Utilizing this, we can establish a foothold. We then leverage Docker Toolbox default credentials to escape the Docker container and get a privileged shell on the Windows host.

HackTheBox - Timelapse

Timelapse is a Windows machine that involves accessing a publicly accessible SMB share and cracking a .zip file containing a .pfx file that can be used to authenticate to a DC. Upon establishing a foothold, we hunt for credentials and utilize a domain group to obtain a password via LAPS, and thus gain administrative access on the Domain Controller.

Security Ramblings

Hi there! This site is designed to cover various offensive & defensive security topics.

On this blog I plan to share things I've learned, mostly focused on hacking and security. I love to learn, but I love sharing the things I have learned even more; that's what this blog is for. Feel free to get in touch via Twitter or ✉ E-Mail. I'm always up for a chat about security.