Overview Command and control (C2 or C&C) refers to the communication and coordination between a cyber attacker and the infrastructure they use to launch an attack. This infrastructure can incl...
Collection
Overview The adversary is trying to gather data of interest to their goal. Collection consists of techniques adversaries may use to gather information and the sources information is collected fro...
Port 5355 - LLMNR
Overview Link-Local Multicast Name Resolution (LLMNR) and the previous iteration of the service called NetBIOS Name Service (NBT-NS) are Microsoft Windows components that serve as alternate method...
Responder
Overview Responder is an LLMNR, NBT-NS and MDNS poisoner, with a built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP a...
Forensic Operating System Logs
A question typically raised during and after a breach investigation is which event logs should be monitored, collected or enabled. The list below aims to provide a cheat sheet of sorts to highl...
CAPEC 94 - Adversary-in-the-Middle (AiTM)
Overview Attackers use adversary-in-the-middle (AiTM/MITM) techniques to attempt to position themselves between two or more networked devices to facilitate follow-up actions such as network sniffing and...
AppCompatCacheParser
Overview AppCompatCacheParser is a command line tool developed by Eric Zimmerman, to process the ShimCache (AppCompatCache) on Windows operating systems, identifying items such as: Executable ...
SQL Overview
Overview Structured Query Language (SQL) is designed for managing data held in a relational database management system (RDBMS). It is particularly useful in handling structured data, i.e. data inc...
Port 21 - FTP
Overview The File Transfer Protocol (FTP) is a common protocol that is used across all operating systems to aid in remote file transfers between a client and server. FTP is a plaintext protocol, m...
Database Stores
Overview Relational and Non-Relational databases are a valuable target for attackers, with sensitive information often stored within the database tables such as Personally Identifiable Information...