Architecting for the kill chain
MITRE ATT&CK framework can be a great resource for tracking and reviewing the kill chain and methodology used by threat actors, as part of a recent move to security architecture I got interested in how to design defence in depth that is mapped to adversarial threat actors kill chains and MITRE so I could better…
Nest
One of VBScripts boxes on windows focuses heavily on reversing applications to crack credentials. Run Nmap Only 445 is open? Lets run again with the -p- flag to confirm, feeling like another evil-winrm box. Foothold Enumeration Running a quick nmap scan for vulnerabilities doesn’t give us anything. We get the hostname. Enum4Linux doesn’t get us…
Traverxec
This box is a mixture of CVEs, mis-configurations and GTFObins Run Nmap Quick scan shows us a webserver and ssh are open. We will run a more intensive scan to double check and get dirb running. We also see Nostromo 1.9.6 is the webserver running. While those scans run lets research this. Run Dirb Nostromo…
Adams In-Security 