pass-the-hash

How It Works (Step-by-Step) 🛡️ Why It’s Dangerous 🔐 Mitigation Strategies
Defense Layer | Action
Credential Hygiene | Use unique local admin passwords (LAPS), enforce password rotation
Memory Protection | Enable Credential Guard, isolate LSASS
Logging & Detection | Monitor for LSASS access, unusual SMB/RDP logins
Network Segmentation | Limit lateral movement paths, restrict admin access
MFA & PAM | Use […]


Akira ransomware

Akira’s VPN-Based Breach Tactics 1. Initial Access via VPN 2. Lateral Movement Post-VPN Access 3. Deployment of Ransomware 🔐 Real-World Example 🛡️ Defense Tips


Once you’ve captured a disk image and a RAM dump

How to Use the Disk Image 🔍 1. Mount or Extract the Image 🧭 2. Explore File System Artifacts 🧰 3. Analyze with Tools 🧠 How to Use the RAM Dump 🔍 1. Verify and Identify OS 🧪 2. Analyze with Volatility or Rekall 🔐 3. Look for Indicators of Compromise 🧩 Combine Both for […]


Investigating a Suspect Laptop

1. Isolate Immediately 2. Preserve Evidence: Create a forensic disk image (e.g., using FTK Imager or dd). Capture a RAM dump. 3. Initial Triage 4. Log Analysis 5. File System & Registry Audit 6. Malware & IOC Scanning 7. Network Forensics 8. Timeline Reconstruction 🛡️ Final Steps


robocopy interprets trailing backslash

So the issue isn’t the backslash itself — it’s the combination of backslash + quotes.


Queries per minute’ of service ‘drive.googleapis.com’

Failed to update directory timestamp or metadata: googleapi: Error 403: Quota exceeded for quota metric 'Queries' and limit 'Queries per minute' of service 'drive.googleapis.com' for consumer 'project_number:202264815644'. Details:[{"@type": "type.googleapis.com/google.rpc.ErrorInfo","domain": "googleapis.com","metadata": {"consumer": "projects/202264815644","quota_limit": "defaultPerMinutePerProject","quota_limit_value": "420000","quota_location": "global","quota_metric": "drive.googleapis.com/default","quota_unit": "1/min/{project}","service": "drive.googleapis.com"},"reason": "RATE_LIMIT_EXCEEDED"},{"@type": "type.googleapis.com/google.rpc.Help","links": [{"description": "Request a higher quota limit.","url": "https://cloud.google.com/docs/quotas/help/request_increase"}]}]
rclone copy /local/path gdrive:/backup \
  --drive-chunk-size 64M \
  --tpslimit 7000 […]


AD enum

net user
net user /domain
net user username /domain
net group /domain
powershell -ep bypass
Build the full LDAP ADsPath: LDAP://hostname[:portnumber][/distinguishedName]
PDC: primary domain controller, PdcRoleOwner property.
$domainObj = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
$PDC = $domainObj.PdcRoleOwner.Name
DN: DistinguishedName, uniquely identifies an object in AD.
$DN = ([adsi]'').distinguishedName
$LDAP = "LDAP://$PDC/$DN"
ADSI wrapper. ADSI is a COM interface that ships with Windows, doesn’t require installing […]


LSA policy

Get-NtAccountRight -Type Logon: who is allowed in, and how.
Get-NtAccountRight -Type Privilege: what accounts can do once logged in.


wordpress – Elementor

<div>: browsers don’t give it any margin. <p>: does get default top/bottom margins.