CyberGladius

@[email protected]
9 Followers
0 Following
25 Posts
Hacker | Blue Team | DFIR | Freelance Writer
Bloghttps://cybergladius.com
Twitterhttps://twitter.com/CyberGladius
GitHubhttps://github.com/Brets0150
CyberGladiusJul 1, 2024

DEF CON 32 Workshops are posted!

https://buff.ly/3zsJEKQ

CyberGladiusJun 10, 2024

Planning on going to DEF CON 32 this year? You need to read this before June 15th!

https://buff.ly/4efPCOY

Guide to Attending DEF CON 32 in 2024 - Cyber Gladius

Are you planning on attending DEF CON 32? Check out my guide if this will be your first DEF CON. The helpful tips you need to maximize your DEF CON 32 experience.

Cyber Gladius
CyberGladiusApr 3, 2024

Preventing DCSync Attacks is complicated! If you dig into the root vulnerability, you realize most posts miss some attack paths.
So, I wrote a blog post on digging into the details of the attack.

https://buff.ly/3xlPtZr

#AdHardening #CyberSecurity

Preventing DCSync Attacks - Cyber Gladius

Learn to audit for and prevent DCSync attacks in your Active Directory environment. Most other sources miss more attack paths to DCSync abuse. Find all the DCSync attack paths; if you don't, the Attackers will.

Cyber Gladius
CyberGladiusJan 24, 2024

The Active Directory Access Control List is one of the most confusing security risks I have ever encountered. So, I wrote up a blog to help others understand the AD ACL.

https://cybergladius.com/the-active-directory-access-control-list-explained/

#Windows #SystemAdmin #Cybersecurity #WindowsSucks

The Active Directory Access Control List Explained - Cyber Gladius

Many Active Directory attacks' root vulnerability is the domain's AD Access Control Lists. This post explains what you need to know about the AD Access Control List to prevent lateral movement and escalation of privileges in the domain.

Cyber Gladius
CyberGladiusDec 22, 2023
I just heard of the "Reanimate tombstones" permission in Active Directory. This sounds more like a DnD spell than a Windows permission. lol
CyberGladiusOct 11, 2023
If you're not cracking any of your captured LM/NTLM hashes, they might be corrupt. I have found that Python hash-dumping tools may output corrupted hashes. NtdsAudit will at least throw errors if the data is bad.
More here: https://media.blackhat.com/bh-us-12/Briefings/Reynolds/BH_US_12_Reynods_Stamp_Out_Hash_WP.pdf
#RedTeam #CyberSecurity #HackPSA
CyberGladiusSep 19, 2023
Lolz.
#CyberSecurity
CyberGladiusSep 18, 2023
Simultaneous #RedTeaming and #BlueTeaming.
#pwnagotchi #MarauderESP32 #CyberSecurity
CyberGladiusAug 31, 2023

I really enjoyed this Pentesting story. The practical day-to-day challenge of being a pentester trying to break into a company with good security practices. Reading it reminded me of how stressed I felt a week into a pentest and still had not gotten a foothold; a little PTSD.

https://www.rapid7.com/blog/post/2023/08/31/pentales-what-its-like-on-the-red-team/

#RedTeam #CyberSecurity

PenTales: What It’s Like on the Red Team | Rapid7 Blog

Rapid7
CyberGladiusAug 23, 2023
Metasploit Updates
The release includes four new exploit modules for H2 database, Maltrail, RaspAP, and Greenshot, with varying CVE status and authentication requirements.
https://www.rapid7.com/blog/post/2023/08/18/metasploit-weekly-wrap-up-23/
Metasploit Weekly Wrap-Up | Rapid7 Blog

Rapid7