Post Compromise

Internal Networks

A Demilitarized Zone (DMZ)

A DMZ network is an edge network that adds an extra security layer between untrusted traffic and a corporation's internal local-area network. A common DMZ design is a subnetwork that sits between the public internet and the internal networks.

How a company designs its network depends on its requirements and needs. For example, if a company provides public services such as a website, DNS, FTP, proxy, or VPN, it may design a DMZ network to isolate the untrusted public traffic and enforce access control on it.

Network Enumeration

netstat -na

What is the Active Directory (AD) environment?


The following is a list of Active Directory components that we need to be familiar with:

  • Domain Controllers

  • Organizational Units

  • AD objects

  • AD Domains

  • Forest

  • AD Service Accounts: Built-in local users, Domain users, Managed service accounts

  • Domain Administrators

AD domains are a collection of Microsoft components within an AD network.

AD Forest

Host Security Solution

It is a set of software applications used to monitor and detect abnormal and malicious activities within the host, including:

  1. Antivirus software

  2. Microsoft Windows Defender

  3. Host-based Firewall

  4. Security Event Logging and Monitoring

  5. Host-based Intrusion Detection System (HIDS)/ Host-based Intrusion Prevention System (HIPS)

  6. Endpoint Detection and Response (EDR)

Antivirus Software (AV)

Antivirus software uses several detection techniques, including:

  • Signature-based detection

  • Heuristic-based detection

Heuristic VS Signature

  • Behavior-based detection

Microsoft Windows Defender

We can use the following PowerShell commands to check the service state of Windows Defender and whether real-time protection is enabled:

Get-Service WinDefend
Get-MpComputerStatus | select RealTimeProtectionEnabled

Host-based Firewall:

Get-NetFirewallProfile | Format-Table Name, Enabled
Set-NetFirewallProfile -Profile Domain, Public, Private -Enabled False
Get-NetFirewallProfile | Format-Table Name, Enabled

We can also list the current firewall rules and check whether a given port is allowed or blocked by the firewall:

Get-NetFirewallRule | select DisplayName, Enabled, Description
Test-NetConnection -ComputerName 127.0.0.1 -Port 80
(New-Object System.Net.Sockets.TcpClient("127.0.0.1", "80")).Connected

Threat details:

Get-MpThreat

Get firewall rules by display name:

Get-NetFirewallRule | findstr "THM-Connection"

Security Event Logging and Monitoring

Event logs in Windows:

Get-EventLog -List
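The Defender, firewall and event-log checks above are run one command at a time; the following is an added example (not from the original notes) that combines them into a single read-only audit function with plain-language findings. It assumes Windows PowerShell 5.1 with the Defender and NetSecurity modules available; all names are hypothetical.

```powershell
# Added example (not from the original notes): one read-only audit of the
# host-security state the notes above check command by command.
# Assumes Windows PowerShell 5.1 with the Defender and NetSecurity modules.
function Get-HostSecurityPosture {
    [CmdletBinding()]
    param()

    $result = [ordered]@{}

    # Windows Defender service state and real-time protection flag
    $svc = Get-Service -Name WinDefend -ErrorAction SilentlyContinue
    $result.DefenderService = if ($svc) { $svc.Status.ToString() } else { 'NotInstalled' }
    try {
        $mp = Get-MpComputerStatus -ErrorAction Stop
        $result.RealTimeProtection = $mp.RealTimeProtectionEnabled
        $result.SignatureAgeDays   = $mp.AntivirusSignatureAge
    } catch {
        $result.RealTimeProtection = $null
    }

    # Host firewall: state per profile, plus a count of enabled inbound allow rules
    $profiles = Get-NetFirewallProfile
    $result.FirewallProfiles = @($profiles | ForEach-Object { "$($_.Name)=$($_.Enabled)" })
    $result.DisabledProfiles = @($profiles | Where-Object { -not $_.Enabled } |
        Select-Object -ExpandProperty Name)
    $result.InboundAllowRules = @(
        Get-NetFirewallRule -Enabled True -Direction Inbound -Action Allow |
            Select-Object -ExpandProperty DisplayName
    ).Count

    # Security event log: present, and how many entries it currently holds
    $secLog = Get-EventLog -List | Where-Object { $_.Log -eq 'Security' }
    $result.SecurityLogEntries = if ($secLog) { $secLog.Entries.Count } else { $null }

    # Threats Defender has recorded on this host
    $result.ThreatCount = @(Get-MpThreat -ErrorAction SilentlyContinue).Count

    # Findings a defender would act on
    $findings = @()
    if ($result.DefenderService -ne 'Running') { $findings += 'Defender service is not running' }
    if ($result.RealTimeProtection -eq $false) { $findings += 'Real-time protection is disabled' }
    if ($result.DisabledProfiles.Count -gt 0)  { $findings += "Firewall disabled for: $($result.DisabledProfiles -join ', ')" }
    if ($result.ThreatCount -gt 0)             { $findings += "$($result.ThreatCount) threat(s) recorded by Defender" }
    $result.Findings = $findings

    [pscustomobject]$result
}

Get-HostSecurityPosture | Format-List
```

A host where any profile in DisabledProfiles is non-empty or RealTimeProtection is false matches the weakened state the firewall commands above produce, which is the condition to alert on.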
