Ransomware DLL Hijacking & “The Canary DLL”
You might have seen articles on some of the security news sites reporting that a security researcher discovered a method to stop certain ransomware samples from running, including Thanos, Conti, REvil and others. The method in question is known as DLL Hijacking, and I thought it would be a great opportunity to talk about it in a little more detail: its limitations, and how a blue team could leverage it in order to add another layer of security.
PrintNightmare – CVE-2021-34527
Overview
CVE-2021-34527 (dubbed PrintNightmare) is a Remote Code Execution vulnerability that affects the Windows Print Spooler service on all Windows operating systems. The vulnerability is trivial to exploit, as all an attacker requires are low-privileged credentials, either on the domain or on the target host, and network line of sight to that host.
CISSP – Exam Prep & Guide
Hey all, I thought I would share my notes for the CISSP certification in case anyone is thinking of taking it. It is certainly one of the big boy exams within the industry, and certainly one that should be taken into consideration regardless of what area of Cyber Security you work in or plan to work in.
CySA+ (Version 2) – Guide for 2021
I recently took the CySA+ exam (version 2) and thought it would be useful to share my thoughts on it. From my experience, the CySA+ exam is one of the best exams I’ve encountered that is specifically tailored towards Cyber Security Analysts working within a Security Operations Centre. Literally everything I came across while preparing for the exam would (at least in my opinion) be something I encountered as an analyst. I would 100% recommend giving it a go if you are thinking about it.
Using FileBeat with GrayLog
We can use FileBeat as the log collector for our newly created GrayLog server. FileBeat can be installed on any system we want logs to be pushed from.
Installing GrayLog on Azure
Introduction
GrayLog is a powerful open source SIEM solution. When hosting it within Azure there are additional parameters that need to be changed to get it to work. If you are testing the solution, it might be worth using a site such as azureprice.net to find the best price based on the location and your sizing requirements.