IT security under attack

Identify, mitigate, and prevent security risks.

  • Attack Demos
  • Security Sessions
  • SOC insights

  • Network security
  • Application security
  • Cloud security
  • Endpoint security
  • Information & Data security
  • IAM security
  • Defend with MITRE ATT&CK

Seen the attack? Learn what made it tick.

  • Secretly copying files from a remote location
  • Installing a malicious backdoor service
  • Hybrid AD reconnaissance
  • Dumping credentials from local memory of servers (LSA)
  • Simulating domain controller behavior to get Active Directory user passwords
  • Registering a rogue domain controller to inject backdoor changes into Active Directory
  • Malicious Microsoft Office macro creation
  • SEO poisoning attack flow
  • AWS ransomware attack
  • AD to Azure AD attack
  • Storage attack in Azure and AWS
  • Securing Windows services (new)
  • Security Log killer (new)
  • Detecting attacks in Linux environments
  • Detecting attacks in Windows environments
  • Bypass Windows Logons attack
  • Credential dumping attack
  • Kerberoasting attack
  • Compromising an Exchange server and extracting sensitive emails
  • Ransomware attacks on organizations
  • Password spray attack on Active Directory users
  • Attacking authentication in AD and Azure environments
  • Passing the password hash of admin to gain instant privilege
  • Brute forcing Active Directory administrator's password
  • Backdooring users into privileged groups in Active Directory
  • Reconnaissance to find open egress ports
  • Bypass User Account Control (UAC)
  • Enabling RDP on the target machine
  • Persistence via registry key modification
 
  • Virtual Sessions
  • Live Sessions


Virtual Sessions

  • Cloud and Windows data security
  • Zero access to domain in 40 minutes
  • Active Directory Security: Domain admin access before lunch
  • Password cracking techniques, how to protect against them
  • Choosing the right enterprise IAM strategy for AD and Azure AD
  • Securing the transition - Extending on-premise AD to AWS
  • Dangerous defaults that put your IT environment at risk
  • Everything you need to know to secure your Azure AD infrastructure
  • Mastering AD and Azure AD administration
  • Attacking AD and Azure AD environments
  • 10 security vulnerabilities that excite hackers
  • Identity and Access Management: A prerequisite for security
  • Identifying security misconfigurations that can lead to breaches
  • Implementing a least privileged design for hybrid AD security
  • Active Directory Security Fundamentals
  • Hybrid IT essentials that you can't live without
  • Ten events you should audit in hybrid AD to prevent a breach
  • Embracing WFH: How to secure your remote workers from remote attacks
  • Core concepts of Azure AD - Demystifying identity governance
  • Improving security identity management for the hybrid cloud
  • The search for the perfect password: will it ever end?
  • Hardening password security across hybrid AD
  • Security hardening begins with a clean Active Directory
  • Combating Snake ransomware: Detection and mitigation strategy
  • Limit Active Directory attack radius with efficient management practices
  • Boost your IT productivity with secure password self-service
  • Unmonitored permissions and unchecked privileged access: An invitation to a security breach
  • Securing hybrid identities with 2FA and advanced password controls

Live Sessions

  • Black Hat Asia 2025 (Singapore): Your Security Settings Are Talking—Are You Listening?

    Many breaches stemmed from misconfigurations that enabled lateral movement. The session showed how attackers used built-in tools like PowerShell to stay hidden.

  • Tech Week 2024 (Singapore): Cybersecurity essentials for securing your hybrid organizations 2024

    The session focused on cybersecurity essentials for securing hybrid environments. It highlighted unified IAM, continuous monitoring, and Zero Trust as key pillars.

  • Convenzis UK - NHS 2025 (Singapore): Fireside chat

    This panel explored security visibility and employee awareness in the healthcare sector. Discussions covered legacy risks, emerging tech, and threats like RaaS and supply chain attacks.

  • IDC, CSO & ManageEngine Executive Event 2025 (Singapore): Security keynote

    The session covered identity management challenges in hybrid UK environments. It stressed the shift toward unified platforms over siloed IAM and PAM tools to reduce risk.

  • GovWare Conference and Exhibition 2024 (Singapore)

    At GovWare Singapore, I discussed how detection engineering, SIEM, and IAM strengthen government cybersecurity. Tailored detections and strict access controls were key to enabling Zero Trust and visibility.

  • Black Hat MEA - Malham 2024 (Riyadh, Saudi Arabia)

    I connected with cybersecurity professionals to discuss real-world threats and showcase ManageEngine's SIEM. Mini-theatre sessions and hands-on POCs highlighted our detection engineering capabilities.

  • 6D Security AI - CISO roundtable 2025 (Sydney, Australia): Modernising Security @ the Core – the Next Cyber Frontier

    At a Sydney roundtable, I discussed identity sprawl, tool fatigue, and the limits of MFA. We explored how AI and smart frameworks enhance Zero Trust and resilience.

  • PowerShell as a cyberattack tool (research material)

    I researched how attackers abuse PowerShell for fileless attacks, credential dumping, and lateral movement. The findings focused on detection techniques and best practices to prevent misuse in enterprise environments.

  • Keep calm and monitor PowerShell with Log360 (research material)

    Keep calm and monitor PowerShell with Log360 — track scripts, modules, users, and servers to spot suspicious activity before it strikes.

  • There is more than one way to gain admin privileges (research material)

    In my SlideShare, I showcased how attackers escalate privileges in Windows and AD through paths like token theft and misconfigurations. I stressed the importance of early detection and regular privilege audits.

  • Vulnerability assessment and analysis using OWASP ZAP and OpenVAS (research material)

    A fun pet project: I conducted a vulnerability scan of DVWA using OWASP ZAP and OpenVAS.

  • Malware traffic analysis using Wireshark (research material)

    Using Wireshark, NetworkMiner, and Zui, I analyzed how IcedID malware spread across a network. The packet analysis revealed C2 behavior and key indicators of compromise to strengthen risk analysis.

Attack flow

  • Password spray attack on Active Directory users
  • Attacking password hash synchronization in AD and Azure AD
  • Attacking Pass-Through Authentication in AD and Azure AD
  • Attacking leaky S3 buckets in Amazon Web Services (AWS)
  • Attacking unsecure storage accounts in Azure AD

Solution

  • Detect password spray script usage
  • Capture logon failures
  • Detect scripts executed by end users
  • Capture malicious tool usage to capture user credentials
  • Detect brute-force attacks on Microsoft 365
  • Detect illegal file copies using the expand process
  • Detect malicious services
  • Capture malicious PowerShell modules and scripts
  • Find which users are trying to extract credentials from the Local Security Authority Subsystem Service (LSASS), and when, with timestamps
  • Discover malicious scripts
  • Detect scripts executed by users
  • Detect logon failures
  • Detect scripts that install backdoor MSI apps
  • Detect MSI files that are not allowed to run
  • Detect scripts that search for privilege escalation opportunities
  • Identify members added to security groups
  • Discover the contents of the scripts executed by users
  • Discover login attempts to Exchange via command shells
  • Capture suspicious commands invoked in PowerShell
  • Capture permission changes on the domain
  • Detect execution of tools like Mimikatz
  • Determine the exact permission modified
  • Track service principal name (SPN) changes to computers, which can be an indication of rogue DCs
  • Monitor files and folders for unauthorized modifications
  • Monitor computer object attribute changes
  • Bypass Windows logons: detect computer startup and shutdown
  • Read into script details
  • Detect scripts executed by end users
  • Detect security changes
  • Correlate security changes to detect ransomware attacks
  • Use predefined correlation rules to detect ransomware attacks
  • Determine the exact commands run by your users
  • Build customized alerts based on recon commands or scripts
  • Detect recon commands invoked and scripts executed on command line interfaces (like PowerShell)
  • Discover password attacks on Azure environments by monitoring logons
  • Detect attackers' attempts to obtain information on Azure tenants via command line shells
  • Capture malicious tool usage to capture user credentials
  • Capture the exact commands executed by attackers to discover accounts with SPN (Service Principal Name) values
  • Discover malicious scripting tools used to extract the targeted service account tickets
  • Monitor your AWS instance for unauthorized IAM activity like logon failures, access key misuse and more
  • Detect permission changes on S3 buckets
  • Detect scripts used to extract the credentials of the Azure connector account (MSOL_nnnn)
  • Detect attempts to intercept the PTA agent and capture user passwords
  • AADInternals - A malicious PowerShell module used in PTA interception attacks
  • Detect attempts to decrypt the passwords of the MSOL_nnnn account
  • Detect file creations that record user passwords in a PTA interception attack
  • Detect permission changes on Azure Storage Accounts
  • Detect users and hosts accessing the S3 bucket
  • Detect file modifications in buckets by tracking host IP addresses
  • Find recently modified AWS S3 buckets
  • Monitor SSH, FTP, and switch user (su) logons
  • Track logon failures to detect break-in attempts
  • Monitor system events like 'Syslog stopped' which could be indications of an attack attempt
  • Monitor root command executions
  • Track modifications on your Linux users
  • Monitor several Linux servers with ease, across all Linux servers in your network
  • Monitor user logons across endpoints, AD Domain Controllers (DCs) and member servers
  • Track various modes of logon: remote, local, RADIUS logon and more
  • Monitor changes across your SQL servers, web servers, and terminal servers too
  • Monitor changes to your data stored across Windows file servers and other widely used servers such as NetApp, EMC and more
  • Monitor script executions across your Windows servers
  • Monitor Windows events like process halts, service installations, registry key changes, scheduled task creations
  • Detect services and the privileges they run with
  • Detect privilege escalations to the local admin via PowerShell
  • Capture Security Log Killer activities
  • Capture evidence and alert authorized personnel
  • Capture users visiting malicious URLs
  • Capture exploitation attempts via DLL modification
  • Get port scan attempts across your network
  • Leverage open source tools such as Nmap to gain vulnerability insights
  • Capture UAC bypass attempts by tracking processes, commands invoked and more
  • Capture tactics used to move laterally
  • Capture Remote Desktop (RDP) login and exploit attempts
  • Capture attempts for persistence by detecting registry key modifications

Explore real-world stories where Red sets the trap and Blue turns the tables.

Let’s solve security challenges—together.
Abhilash Mamidela, CISSP
abi@manageengine.com

  Zoho Corporation Pvt. Ltd. All rights reserved