Riccardo Ancarani - Red Team Adventures

Red Team Adventures


No real idea of what I'm doing, but I'm having fun

Hunting for SCShell Usage Using ELK

hunt hunt hunt

Posted on December 16, 2019

Introduction: In today's post we're going to create detections and hunt for the usage of the recent lateral movement technique called SCShell.
Tags: threat-hunting

Streamlining BloodHound Analytics

Jupyter all the things

Posted on December 8, 2019

Tags: red-teaming

Not All Paths are Created Equal

Attackers' Economy (Part 1)

Posted on November 8, 2019

Tags: red-teaming

Hunting for Suspicious LDAP Activity with SilkETW and Yara

Detecting Active Directory Enumeration

Posted on October 19, 2019

Intro: This is another post to document my journey of learning Threat Hunting. In today's post we're going to perform threat hunting activities with the aim of hunting for AD domain enumeration.
Tags: threat-hunting

Hunting for Anomalous Usage of MSBuild and Covenant

Posted on October 19, 2019

Today's post will cover some of my experiments while practicing threat hunting. Specifically, today we will cover hunting for malicious usage of msbuild.exe as used by Covenant.
Tags: threat-hunting

Riccardo Ancarani  •  2023