Author Archives: Marc Smeets

Introducing RedELK – Part 1: why we need it

This multi-part blog post is about a tool we released: RedELK. In a few words you can describe it as a “Red Team’s SIEM”, although it actually does a few more things to ease the life of red teams. We released it right after our talk at BruCON 2018, and you may have already seen […]

Automated AD and Windows test lab deployments with Invoke-ADLabDeployer

We are happy to introduce Invoke-ADLabDeployment: a PowerShell project that helps you to quickly deploy a virtual test environment with Windows servers, Windows desktops, Office, Active Directory and a networking setup with multiple broadcast segments, all running on your local Hyper-V environment. It is an in-house developed tool that we use heavily during our red […]

Public password dumps in ELK

Passwords, passwords, passwords: end users and defenders hate them, attackers love them. Despite the recent focus on stronger authentication forms by defenders, passwords are still the predominant way to get access to systems. And due to the habit of end users reusing passwords, and the multitude of public leaks in the last few years, they […]