The AD Pentesting tool is written in PowerShell to quickly set up an Active Directory lab for testing purposes. It can set up a domain controller and a workstation in a lab environment quickly and effectively. While the tool is written specifically to configure Active Directory in a lab, it can easily be extended for production environments, as it is released under the MIT license.
“Everybody has a plan until they get punched in the mouth” - Mike Tyson
“Everybody has an ‘Incident Response plan’ until they get hit by ransomware” - Sonny
A well-documented and well-rehearsed Incident Response (IR) plan can help an organization when dealing with a security incident such as a ransomware attack. Often an IR plan can be the difference between an organization surviving the cyber attack or going out of business [1].
The key to a good IR plan is to conduct tabletop exercises regularly and address the gaps discovered during each exercise. Ransomware has wreaked havoc in recent times; as such, an IR plan is incomplete if it does not include a scenario addressing a ransomware attack. This blog post discusses some key questions that should be part of an IR tabletop exercise for a ransomware attack scenario.
According to Kaspersky:
“Ransomware is malicious software that infects your computer and displays messages demanding a fee to be paid for your system to work again.”
Ransomware is a major threat to any organization in the current cybersecurity landscape. It can cripple an organization's ability to fulfill its business obligations and can potentially shutter the business for good. Ransomware groups operate like any other mature organization, with specific departments handling specific responsibilities: they have dedicated teams for ransomware development, ransomware delivery, handling communication with victims, etc. Some of the most notorious and active ransomware groups are [1]:
- RobbinHood ransomware
- NetWalker ransomware
- Maze ransomware
- REvil ransomware