This is also a good — but older — article on Triton. We don’t know who wrote it. Initial speculation was Iran; more recent speculation is Russia. Both are still speculations.
This is a Splunk application containing several dashboards and over 120 reports that will surface initial hunting indicators to investigate. You obviously need to be ingesting Sysmon data into Splunk; a good configuration can be found here. Note: This application is not a magic bullet; it will require tuning and real investigative work to be truly effective […]
More and more, organizations and end users are embracing encryption to protect their data and traffic. By far the most visible part of this adaptation is the use of Hypertext Transfer Protocol Secure (HTTPS) for accessing websites. As opposed to the more basic HTTP, which is the plain text version, HTTPS makes use of Transport […]
Seth is a tool written in Python and Bash to MitM RDP connections by attempting to downgrade the connection in order to extract clear text credentials. It was developed to raise awareness and educate about the importance of properly configured RDP connections in the context of pentests, workshops or talks. The author is Adrian Vollmer […]