Positive Security
Making sense in the world of all things cyber.
A necessary component to any IR: Containment
This blog is updated at https://ciberesponce.com Incident Response and Containment Anyone who does...
Date: 03/02/2018
Setting up Kali Linux in Docker on Windows 10
A few times now, I find myself wondering why I need...
Date: 09/01/2017
WMI Queries: ReturnValue vs uValue (and some Remote Registry)
Interestingly, when querying a registry setting in...
Date: 08/24/2017
ATA Auditing (AuditPol, Advanced Audit Settings Enforcement, Lightweight Gateway Service discovery)
NOTE: This blog and code were updated to include a...
Date: 08/18/2017
ATA + OMS
Installing Operational Management Suite (OMS) on...
Date: 06/08/2017
SmartCard and Pass-the-Hash
On a pretty consistent basis, SmartCard and Multi-factor Authentication (MFA) technologies are...
Date: 05/17/2017
Ubuntu RDP in Azure
Many times, I get a question on how to RDP into a Linux machine created in Azure. So, instead of...
Date: 03/17/2017
cpassword – MS14-025
Microsoft announced MS14-025 on 13 May, 2014. However, it continues to be an issue for many IT...
Date: 02/23/2017
ATA Playbook Released
The Advanced Threat Analytics Playbook is released. It includes a breakdown of how to test (and...
Date: 02/15/2017
Advanced Threat Analytics Detects Forged PACs
Advanced Threat Analytics (ATA) detects all sorts of credential theft and post-exploit activities of...
Date: 02/13/2017
The Iceberg Effect
In cybersecurity, especially in the Digital Forensics Incident Response (DFIR) space, the "Iceberg...
Date: 02/01/2017