A skillset that many people look at when you work in IT or have some form of interest in technology is the ability to 'fix' things.| ZephrSec - Adventures In Information Security
I will explain the importance of using strong passwords, what multi-factor/two-factor authentication is and why it is important and also explain some more security tips.
This post will take the very core basics and explain them in a series of analogies that are easier to understand if you're completely non-technical or have minimal know-how. I want to make information security and the technicalities more accessible to the masses.
Andy Gill/ZephrFish's blog site, zsec.uk/ZephrSec.com covers posts of offense, defense and general security.
This course is for practitioners who want to emulate adversaries without malware, without traditional C2 infrastructure, and without unnecessary footprint.
GoClipC2: A covert Windows clipboard-based C2 channel for VDI/RDP environments. Bypasses network monitoring with encrypted Base64 messaging.
They say AI is the future, but what they meant was Andy Intelligence.
Exploring Azure Arc’s overlooked C2aaS potential. Attacking and Defending against its usage and exploring use cases.
When I originally posted the blog post that lived on this page a lot of CTI professionals got sad and had a go at me. My view of Offensive CTI is using TA knowledge to better improve red team and offensive security for defence. There is also an element of
Manipulating Git Histories to Obscure the Truth
So you are performing your favourite Kerberos attacks, such as pass the ticket, Public Key Cryptography for Initial Authentication (PKINIT), Shadow Credentials or Active Directory Certificate Services (AD CS) vulnerabilities but you run into a Kerberos error and despite troubleshooting you're still none the wiser on what to do? Well here's a quick
Using AI can be a great tool for adversarial engineering. This was just a bit of fun to see if it was possible to do and to learn more about automation but also proving you cannot trust git commit history nor can you trust dates of commits!
Set up a Docker-based homelab with automation, monitoring & media tools like Plex, Sonarr & Portainer for easy management & scalability.
2024 marks 13 years in security, 10 in offensive security, and 11 of blogging. This year has been about growth, learning, and sharing knowledge. From leadership insights to career reflections, this "year in review" celebrates technical contributions, personal achievements, and key milestones.
Welcome to part 2 of my NUC cluster; in the first part, I explained how to deploy a cluster using Proxmox and walked through the hardware setup and the rest of the connectors. In this part, we'll dive into building your own Active Directory Lab environment and show
Introducing Living off the Land Searches (LOLSearches), using advanced search operators with SharePoint and Explorer to help in Red Teams.
Explore my blog series on building a NUC cluster with Proxmox! Learn about connecting hosts, setting up tools, and avoiding pitfalls from my own build mistakes. Perfect for anyone keen on creating a home lab for testing attack paths and security tools. Dive in for practical insights!
This post explores Windows Side-by-Side (WinSxS) and DLL hijacking, deep-diving some tooling I've written and some of the fun along the way.
Blackvue cloud connected dashcams leak your location and allow anyone to view your video feed with a free account. Sort it out folks!
Reflecting on my experiences with various leaders, managers, and bosses, I've gained insights into effective and ineffective leadership styles.
If you find yourself on the path of leading a team, make sure you set critical baselines with your team. Always do what is best for your team and set them up for success.
This post will go through some of the steps you can take as an individual to secure the accounts that mean the most to you.
To this date, phishing is one of the most prevalent first stages of entry to an organisation, a lot of threat actors
If you're reading this, it's a blog post that's not my regular write-up but more of an investigation and a hypothesis on the anatomy of a scam. I also put it together to raise awareness for those who read my blog and who might not be overtly technical-focused.
BYODC or bring your own domain controller is a post-exploitation technique and another option for performing a DCSync in a more opsec safe manner.
This post will walk through various services within the Azure catalogue and look at potential attack paths.