Building a security lab in Azure

Building your own lab for security research or penetration testing is a must for any security professional. There are many good reasons for building a lab: Test various security solutions before implementing them on a production environment Learn a new skill or technique by doing it on isolated environment Study for a security certification (OSCP,…


Avoiding credentials reuse attacks

Adversaries are reusing credentials all the time, How can you check and prevent credential reuse attacks? Deny them by leveraging new (and old) security features. Reusable credentials Method Log Type Reusable credentials  Log to console (+KVM) Interactive Yes RUNAS Interactive Yes Remote desktop RemoteInteractive Yes WinRM+CredSSP NetworkClearText Yes PSExec with explicit credentials Network+Interactive Yes Scheduled Task Batch Yes (as LSA…