About Katherine Kostreva

So far Katherine Kostreva has created 37 blog entries.

GSPBC-1036: Defense Evasion – Indirect Command Execution


Indirect Command Execution: Adversaries may abuse utilities that allow for command execution to bypass security restrictions that limit the use of command-line interpreters. Various Windows utilities may be used to execute commands, possibly without invoking cmd. For example, Forfiles, the Program Compatibility Assistant (pcalua.exe), components of the Windows Subsystem for Linux (WSL), as well as other utilities may invoke the execution of programs and commands from a Command and Scripting Interpreter, Run window, or via ...

Published 2021-10-10T01:51:59+00:00

GSPBC-1035: Credential Access – Credentials from Password Stores


Credentials from Password Stores: Adversaries may search for common password storage locations to obtain user credentials. Passwords are stored in several places on a system, depending on the operating system or application holding the credentials. There are also specific applications that store passwords to make it easier for users to manage and maintain them. Once credentials are obtained, they can be used to perform lateral movement and access restricted information. Credentials from Password Stores: Credentials from Web ...

Published 2021-10-10T01:52:45+00:00

GSPBC-1034: Execution – Native API


Native API: Adversaries may directly interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes. These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as for carrying out tasks and requests during routine operations. Functionality provided by native APIs is ...

Published 2021-10-10T01:52:52+00:00

GSPBC-1033: Credential Access – Input Capture


Command and Scripting Interpreter: Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities; for example, macOS and Linux distributions include some flavor of Unix Shell, while Windows installations include the Windows Command Shell and PowerShell. There are also cross-platform interpreters such ...

Published 2021-10-10T01:54:13+00:00

GSPBC-1032: Resource Development – Compromise Accounts


Compromise Accounts: Adversaries may compromise accounts with services that can be used during targeting. For operations incorporating social engineering, the utilization of an online persona may be important. Rather than creating and cultivating accounts (i.e. Establish Accounts), adversaries may compromise existing accounts. Utilizing an existing persona may engender a level of trust in a potential victim if they have a relationship with, or knowledge of, the compromised persona. A variety of methods exist for compromising accounts, ...

Published 2021-10-10T01:54:00+00:00

GSPBC-1031: Persistence – Hijack Execution Flow


Hijack Execution Flow: Adversaries may execute their own malicious payloads by hijacking the way operating systems run programs. Hijacking execution flow can be for the purposes of persistence, since this hijacked execution may reoccur over time. Adversaries may also use these mechanisms to elevate privileges or evade defenses, such as application control or other restrictions on execution. There are many ways an adversary may hijack the flow of execution, including by manipulating how the operating ...

Published 2021-10-10T01:54:05+00:00

GSPBC-1030: Reconnaissance – Active Scanning


Active Scanning: Adversaries may execute active reconnaissance scans to gather information that can be used during targeting. Active scans are those where the adversary probes victim infrastructure via network traffic, as opposed to other forms of reconnaissance that do not involve direct interaction. Active Scanning: Scanning IP Blocks: Adversaries may scan victim IP blocks to gather information that can be used during targeting. Public IP addresses may be allocated to organizations by block, or a ...

Published 2021-10-10T01:54:57+00:00

GSPBC-1023: Privilege Escalation – Exploitation for Privilege Escalation


How To Protect Against Privilege Escalation Attacks: Create strong passwords and change them regularly. This simple action can lower the risk of privilege escalation cyber attacks. If all administrator accounts have a strong password, hackers will struggle to take control of those accounts. You can also protect against privilege escalation cyberattacks by monitoring login requests. Hackers may gain access by performing a brute force attack. Watch login requests. This way, you can see which users are ...

Published 2021-10-10T01:55:04+00:00

TomCast XV: Web-Browsing


Hello! Welcome back to this next TomCast from GuardSight; we are a tactical cybersecurity-as-a-service organization dedicated to helping businesses protect their data, their assets, and their endpoints. Today’s discussion involves web browsing. Web browsing requires a web browser, which is defined by Oxford as “a computer program with a graphical user interface for displaying and navigating between web pages”. If you have ever heard the term “surfing the web” or navigating the web, ...

Published 2021-11-22T18:57:59+00:00

TomCast XIV: Soft Skills – Communication


Hello! Welcome back to this next TomCast from GuardSight; we are a tactical cybersecurity-as-a-service organization dedicated to helping businesses protect their data, their assets, and their endpoints. Today’s discussion involves soft skills. What are soft skills? Since I am a fan of looking up definitions from Oxford, we’ll remain consistent here. Soft skills are “personal attributes that enable someone to interact effectively and harmoniously with other people”. Why would anyone want to interact ...

Published 2021-11-23T01:06:27+00:00