
About

Hello there, I am Tanmay Sharma.

Latest Posts

Oct. 8, 2025 Building A Vulnerable Active Directory Lab

WARNING: INCOMPLETE

Note: if learning about attacks on Active Directory is the goal, check out: https://github.com/Orange-Cyberdefense/GOAD

According to Microsoft’s website, Active Directory (AD) provides the methods for storing directory data and making this data available to network users and administrators. In simple words, it’s a phone book that can be accessed over a network and contains information on computers, users, printers, etc. Authentication on Windows is done through Kerberos and Kerberos tickets. For other systems (Linux, Mac), it uses protocols like RADIUS and LDAP (Lightweight Directory Access Protocol).

Aug. 25, 2025 Exploiting Kioptrix Level 1
Jul. 2, 2025 Understanding FirmXRay and Base Address Solver Java file

FirmXRay

Link: https://github.com/OSUSecLab/FirmXRay

A static analysis tool based on Ghidra to detect Bluetooth link layer vulnerabilities from bare-metal firmware. As proof-of-concept, the current implementation supports firmware (ARM Cortex-M Architecture) developed based on Nordic and TI SDKs (i.e., SoftDevice and BLE-Stack).

The three main components of FirmXRay are:

  1. Base address recognition. It can automatically infer the firmware base address using the point-to relation heuristics. The output result will be in ./base/base.txt.
  2. Backward slicing. FirmXRay will start from the SDK APIs and backward extract the relevant program paths.
  3. Static value computation. FirmXRay can statically execute ARM instructions to compute the configuration values from the program slices.

For more details, please refer to our paper FirmXRay: Detecting Bluetooth Link Layer Vulnerabilities From Bare-Metal Firmware.

Nov. 5, 2024 Building My First Cloud SIEM: And how you should too with Azure Sentinel

The Journey Begins: Why I Built a SIEM Home Lab

Like many aspiring cybersecurity professionals, I wanted to get hands-on experience with real security tools. Reading about SIEMs is one thing, but actually building one? That’s where the real learning happens. So I rolled up my sleeves and dove into Microsoft Azure Sentinel to create my own Security Operations Center (SOC) in the cloud.

Spoiler alert: It was easier than I thought, but way more powerful than I imagined.
