Category: Tools
-
Building A Purple Team Lab – Module 2: EDR Deployment
Intro Previous modules Building A Purple Team Lab – Module 1: Lab Overview & Outline The Elastic Container Project The Elastic Container Project will serve as our Endpoint Detection & Response (EDR) solution for the lab. It’s incredibly powerful and very easy to get up and running, and it’s free, although additional features are available…
Written by
-
Building A Purple Team Lab – Module 1: Lab Overview & Outline
Overview This will be a multi-part series focused on setting up a Purple Team lab with the following high-level goals in mind: Locally hosted using open-source software where possible (Free) Deploy & configure an Endpoint Detection & Response (EDR) solution Gain hands on experience testing basic red team tactics, techniques, and procedures (TTPs) on Windows…
Written by
-
Trilium Notes – Self-Hosted Server Setup
I’ve been looking for a OneNote alternative for a few years now, but haven’t been able to find anything that combines the same basic functionality with a simple, clean interface. As I’m increasingly moving away from Microsoft products, I realized it was time to find a dedicated solution and stick with it. I’m excited to…
Written by
-
Revisiting Purple Teaming AD with BloodHound CE & AD-Miner
A few months ago, I published a blog post that involved managing Bloodhound CE with Docker Compose: Purple Teaming AD with BloodHound CE & AD-Miner Since then, BloodHound CE has seen some pretty significant improvements, including new tools to simplify container management. Because of this, I wanted to revisit this setup and put together an…
Written by
-
Installing Omarchy On VMware Workstation
Update – February 23, 2026 After some great feedback from the YouTube community, here’s a list of additional tips and troubleshooting steps for those still experiencing issues: VMware Workstation Specific Ensure Open VM Tools is installed and running Keep the VM in full screen mode and the mouse focused Set the resolution lower than the…
Written by
-
Ultimate Local AI Setup Guide: Ubuntu, Ollama, & Open WebUI
Intro & Background It seems safe to say that artificial intelligence (AI), particularly large language models (LLMs), are here to stay. As a cybersecurity professional, it has been pretty easy to find use cases for AI in my daily work, from general penetration testing and writing tools to forensics and reverse engineering. However, as with…
Written by
-
Purple Teaming AD with BloodHound CE & AD-Miner
BloodHound is one of those tools that everyone in the industry seems to have heard of and it tends to generate a buzz amongst engineers anytime it’s brought up. This reputation is well-deserved with it being such a game changer when it comes to attacking and auditing Active Directory domains. Every organization running Active Directory…
Written by
-
Introducing Invoke-EncryptionSimulator: A PowerShell Tool for Simulating Late-Stage Ransomware Attacks
Invoke-EncryptionSimulator Invoke-EncryptionSimulator is designed to be a simple and safe way to emulate the encryption stage of a ransomware deployment to aid in development and testing of controls focusing on file system level changes rather than process related telemetry. Invoke-EncryptionSimulator is designed to be a simple and safe way to emulate the encryption stage of…
Written by
-
Analyzing & Detecting IIS Backdoors
IIS Extensions As Backdoors Microsoft recently published an interesting blog explaining how they’ve noticed a new trend where attackers have been leveraging Internet Information Services (IIS) extensions to covertly backdoor Windows servers: https://www.microsoft.com/security/blog/2022/07/26/malicious-iis-extensions-quietly-open-persistent-backdoors-into-servers/ The Microsoft post contains a wealth of information on this topic, but I really wanted to dig through the specifics in order…
Written by
-
New Tool! Invoke-RPCMap: PowerShell Script for Remote RPC Service Enumeration
Invoke-RPCMap Invoke-RPCMap can be used to enumerate local and remote RPC services/ports via the RPC Endpoint Mapper service. This information can useful during an investigation where a connection to a remote port is known, but the service is running under a generic process like svchost.exe. This script will do the following: Create a local log…
Written by
