共用方式為


Windows Security

Automating Azure Just In Time VM Access

RDP Brute force When it comes to managing Azure virtual machines, administrators are usually using...

Date: 06/24/2018

Building a security lab in Azure

Building your own lab for security research or penetration testing is a must for any security...

Date: 05/11/2018

Avoiding credentials reuse attacks

Adversaries are reusing credentials all the time, How can you check and prevent...

Date: 05/06/2018

Invoke-Adversary – Simulating Adversary Operations

Invoke-Adversary is a PowerShell script that helps you to evaluate security products and monitoring...

Date: 04/09/2018

Setting up Kali Linux on Windows Subsystem for Linux

Kali Linux on Windows 10 "Kali Linux on Windows 10? What the hell?" – one might ask. But we are in...

Date: 03/07/2018

Detecting Kerberoasting activity using Azure Security Center

Kerberoasting, a term coined by Tim Medin, is a privilege escalation technique which proves to be...

Date: 02/23/2018

List of Azure Active Directory Audit Activities

Hi all, Audit logs in Azure Active Directory help customers to gain visibility about users and group...

Date: 02/12/2018

Deploying Sysmon through Group Policy (GPO) Preferences

In my previous post I explained how to leverage Group Policy Preferences to deploy and update Sysmon...

Date: 12/25/2017

Update: Sysmon configuration file version 8

This new version of config_v8.xml adds the latest additions from Sysmon : FileCreateStreamHash...

Date: 12/13/2017

Sysinternals Sysmon suspicious activity guide

Sysmon tool from Sysinternals provides a comprehensive monitoring about activities in the operating...

Date: 12/07/2017

Quickpost: Encrypting Azure Virtual Machine using BitLocker

Here are the steps that are required to encrypt the disk of Azure Virtual Machine. This is a very...

Date: 11/21/2017

Chasing Adversaries with Autoruns - evading techniques and countermeasures

Abstract Sysinternals Autoruns is a great utility for defenders to discover and disable malware and...

Date: 11/04/2017

Securing remote connections

Consider the following scenario: a standard user was tricked to run a malicious code and his device...

Date: 09/21/2017

Locking up Your BitLocker

Hello, Today I want to talk about securing your Bitlocker-enabled devices against a common attack...

Date: 05/24/2017

Duck and cover or how AtomBombing is really unnecessarily alarmism

The so-called AtomBombing code injection technique discovered by Tal Liberman seemed to be getting a...

Date: 11/11/2016

Sysinternals Sysmon unleashed

Introduction Warning: This post recommends Sysmon monitoring policy implementations that are not...

Date: 10/18/2016

Process Monitor for Dynamic Malware Analysis

Sysinternals Process Monitor is a powerful tool for investigating and troubleshooting application...

Date: 05/04/2016

Get VirusTotal Report using PowerShell

VirusTotal is a free virus, malware and URL online scanning service. File checking is done with more...

Date: 12/13/2015

How to reset the password in Windows on Azure ARM based VM?

Azure has two different deployment models for creating and working with resources: Resource Manager...

Date: 11/29/2015

Five rules for a successful boot trace

Many words have been spoken about Slow Boot and Slow Login analysis, but today I want to focus on...

Date: 11/10/2015

Notes: You should always check https://support.microsoft.com for the latest version of the different...

Date: 10/21/2015

Page File - The definitive guide

Hello! Today I will share with you my best practices for configuring the paging file in Windows...

Date: 10/15/2015

Hello World

Hello everyone. I'm Moti Bani, and I’ve been working in the IT industry for over 15 years, last 6 at...

Date: 10/13/2015