Random

  • Linux Commands
    • cat, cut, sed, awk

Things to learn

  • Sys Admin
    • ADCS
    • SysInternals
    • Azure AD
    • KQL - Sentinel
  • Threat Optics Stacks
    • logging
      • Sysmon
        • event ID 11 & 3
        • lnk, cpl, ps1 (files)
        • Userland?
          • users shouldn’t be running as admin all the time
    • SIEMs
  • C2
    • metasploit
      • resource files
  • Wardriving
    • wigle.net
    • GPS puck
    • solar-powered
  • Malicious LNK
    • fileshares on DC
    • NT Directory Services