Blog

Splunk Universal Forwarder Troubleshooting

Deployment Client Side, Deployment Server Side. Incorporating best practices like using splunk btool, splunk diag, and monitoring internal logs can significantly improve your ability to troubleshoot efficiently. Happy troubleshooting!


IDOR – Do you know what I am doing?

When an application provides direct access to an object, such as a file or a database record, based on user-supplied input, an attacker may be able to bypass the application’s access controls and access sensitive information or perform unauthorised actions. This is called an IDOR (Insecure Direct Object Reference) vulnerability. An attacker can manipulate the URL…


Splunk Admin – Cheat sheet

The Splunk CLI commands are listed here. Please leave a remark if you would like to add any additional commands or make any changes to the ones that are already mentioned. General Admin. Manage the Splunk processes: splunk [start | stop | restart | status]. Accept the license without prompt: splunk start --accept-license. Enable boot…


Active Directory Series – IV

Part – IV : Active Directory – Authentication NTLM protocol The NTLM protocol has a long history in Windows environments and has served as a foundational authentication method for many years. However, its security limitations and susceptibility to attacks have led to its gradual phasing out in favor of more robust authentication protocols. While NTLM…


Active Directory Series – III

Part – III : Active Directory – Authentication Kerberos Authentication Protocol The Kerberos authentication protocol offers a robust and reliable solution to ensure secure access to network resources. Kerberos, derived from the Greek word “κέρβερος” meaning “three-headed dog,” was originally developed at the Massachusetts Institute of Technology (MIT) in the 1980s. Kerberos has undergone several revisions…


Active Directory Series – II

Part 2 – Active Directory : Authentication Lightweight Directory Access Protocol LDAP is a crucial component of modern IT infrastructure because it simplifies data management, enhances security, and facilitates the efficient operation of organizations by providing a centralized and standardized way to store, access, and manage directory information. Its flexibility and compatibility with various systems…


Active Directory Series

Part 1 – Active Directory: Introduction Active Directory is the backbone of many modern IT infrastructures, offering a powerful set of tools for managing network resources efficiently and securely. We will explore Active Directory and its attacks in-depth in this series. Imagine a scenario where a large organization needs to manage user accounts and access…
