Information Security is a strange field. There are probably few professions with such a wide range of social skills and preferences as the information security profession. Personally, I think this is what’s fun. It’s pretty cool that an MC can take a shot of vodka before introducing a speaker at a conference. Unfortunately, the perceived […]
Cornerstone: Red Team
User Account Control – What Penetration Testers Should Know
UAC stands for User Account Control. Introduced in Windows Vista, UAC is a collection of technologies that make it practical to use Windows without administrator privileges and to elevate your rights when needed. UAC has a lot of moving parts and encompasses a lot of things. This post focuses on Windows Integrity levels and UAC elevation […]
CCDC Red Teams: Ten Tips to Maximize Success
The CCDC season is upon us. This is the time of year when professionals with many years of industry experience “volunteer” to hack against college students who must defend computer networks riddled with security holes. For the second year, my company is making Cobalt Strike available to members of the National CCDC and Regional CCDC red teams. […]
Why I give all of my training material away—for free
I’m the developer of a commercial penetration testing product, Cobalt Strike. People are often amazed that I have a free 9-part Penetration Testing course on my website. This 9-part course is all of the material from my paid two-day class: Advanced Threat Tactics. Why do I give away my training product, for free? I know […]
Obituary: Java Self-Signed Applet (Age: 1.7u51)
The Java Signed Applet Attack is a staple social engineering option. This attack presents the user with a signed Java Applet. If the user allows this applet to run, the attacker gets access to their system. Val Smith’s 2009 Meta-Phish paper made this attack popular in the penetration testing community. Last week’s Java 1.7 update […]
Cloud-based Redirectors for Distributed Hacking
A common trait among persistent attackers is their distributed infrastructure. A serious attacker doesn’t use one system to launch attacks and catch shells from. Rather, they register many domains and set up several systems to act as redirectors (pivot points) back to their command and control server. As of last week, Cobalt Strike now has full […]
Schtasks Persistence with PowerShell One Liners
One of my favorite Metasploit Framework modules is psh_web_delivery. You can find it under exploits -> windows -> misc. This module starts a local web server that hosts a PowerShell script. It also provides a PowerShell one-liner to download that script and run it in memory. I use this module all of the time in […]
Tradecraft – Red Team Operations Course and Notes
A few days ago, I posted the YouTube playlist on Twitter and it’s made a few rounds. That’s great. This blog post properly introduces the course along with a few notes and references for each segment. Tradecraft is a new nine-part course that provides the background and skills needed to execute a targeted attack as […]
Email Delivery – What Pen Testers Should Know
I get a lot of questions about spear phishing. There’s a common myth that it’s easy to phish. Start a local mail server and have your hacking tool relay through it. No thinking required. Not quite. Email is not as open as it was ten years ago. Several standards exist to improve the security of email delivery and […]
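SPF is one of the delivery standards the excerpt above alludes to: a domain publishes a TXT record listing which senders may use its name, and a receiving mail server checks the connecting IP against it. The following is an added example, not code from the original post, showing how that check works for the ip4, ip6 and all mechanisms; the record and addresses are constructed for illustration and belong to no real domain. Mechanisms that need DNS (include, a, mx, ptr, exists) and the redirect= modifier are parsed but not resolved, so a record that relies on them for a match comes back as whatever its final all term says.

```python
# Evaluate an SPF record against a sending IP, offline.
# Added example (not from the original post); SAMPLE_RECORD is constructed
# for illustration and is not any real domain's published policy.
import ipaddress

SAMPLE_RECORD = "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 include:_spf.mail.example -all"

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
DNS_MECHANISMS = {"include", "a", "mx", "ptr", "exists"}   # need lookups; skipped here


def parse_spf(record):
    """Split an SPF TXT record into (qualifier, mechanism, argument) terms.
    Modifiers such as redirect= and exp= come back as ("modifier", name, value)."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    parsed = []
    for term in terms[1:]:
        head = term.split("=", 1)[0]
        if "=" in term and ":" not in head:          # modifier, e.g. redirect=other.example
            name, _, value = term.partition("=")
            parsed.append(("modifier", name.lower(), value))
            continue
        qualifier = "+"                               # an unqualified mechanism means pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        if "/" in name and not value:                 # forms like a/24 or mx/24
            name, _, cidr = name.partition("/")
            value = "/" + cidr
        parsed.append((qualifier, name.lower(), value))
    return parsed


def evaluate(record, sender_ip):
    """Return pass/fail/softfail/neutral for sender_ip under record.
    ip4, ip6 and all are evaluated; DNS-dependent mechanisms are treated as
    non-matching because no resolver is used; redirect= is not followed."""
    ip = ipaddress.ip_address(sender_ip)
    for qualifier, name, value in parse_spf(record):
        if qualifier == "modifier":
            continue
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            if net.version == ip.version and ip in net:
                return QUALIFIERS[qualifier]
            continue
        if name in DNS_MECHANISMS:
            continue
        raise ValueError(f"unknown SPF mechanism {name!r}")
    return "neutral"                                  # nothing matched and no 'all' term


if __name__ == "__main__":
    for ip in ("192.0.2.77", "2001:db8:1::5", "198.51.100.9"):
        print(ip, evaluate(SAMPLE_RECORD, ip))
```

The practical consequence for a phishing engagement: if the domain you want to spoof ends its record with -all, a receiver that enforces SPF rejects mail from your relay outright, which is why the post argues for registering your own domain and publishing a policy that covers your sending host.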
What’s in a Team Server?
Clients (like Armitage) interface with the Metasploit Framework through its Remote API. The Remote API is a way for clients to call functions in the Metasploit Framework’s RPC server. To pass different data types to/from the Metasploit Framework, clients use the MessagePack object serialization format. Because clients may interface with the Metasploit Framework in this […]
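To make the framing concrete, here is an added example (not Metasploit's or Armitage's own code) of a minimal MessagePack encoder and decoder, enough to build the array a Remote API call is sent as and to read the map that comes back. Floats and the ext types are not handled; the request and response bytes in the test are constructed by hand, not captured from a running server. The assumption that a call is an array of method name followed by arguments, with the session token first among the arguments for everything but auth.login, is how the Metasploit RPC server has historically framed requests.

```python
# Minimal MessagePack codec for framing Metasploit Remote API calls.
# Added example (not Metasploit's own code); all sample bytes are constructed.
import struct


def _head(n, fixtag, fixmax, tags):
    """Type byte plus length prefix for a str/bin/array/map of n items."""
    if fixtag is not None and n <= fixmax:
        return bytes([fixtag | n])
    t8, t16, t32 = tags
    if t8 is not None and n <= 0xff:
        return bytes([t8, n])
    if n <= 0xffff:
        return bytes([t16]) + struct.pack(">H", n)
    return bytes([t32]) + struct.pack(">I", n)


def pack(obj):
    """Serialize None/bool/int/str/bytes/list/dict into MessagePack."""
    if obj is None:
        return b"\xc0"
    if obj is True or obj is False:          # before int: bool is an int subclass
        return b"\xc3" if obj else b"\xc2"
    if isinstance(obj, int):
        if -32 <= obj < 128:                 # fixint: the value is its own type byte
            return struct.pack(">b" if obj < 0 else ">B", obj)
        for fmt, tag in ((">B", 0xcc), (">H", 0xcd), (">I", 0xce), (">Q", 0xcf),
                         (">b", 0xd0), (">h", 0xd1), (">i", 0xd2), (">q", 0xd3)):
            try:                              # smallest width that fits wins
                return bytes([tag]) + struct.pack(fmt, obj)
            except struct.error:
                continue
        raise OverflowError("integer outside 64-bit MessagePack range")
    if isinstance(obj, str):
        data = obj.encode("utf-8")
        return _head(len(data), 0xa0, 0x1f, (0xd9, 0xda, 0xdb)) + data
    if isinstance(obj, bytes):
        return _head(len(obj), None, 0, (0xc4, 0xc5, 0xc6)) + obj
    if isinstance(obj, (list, tuple)):
        return _head(len(obj), 0x90, 0x0f, (None, 0xdc, 0xdd)) + b"".join(map(pack, obj))
    if isinstance(obj, dict):
        return _head(len(obj), 0x80, 0x0f, (None, 0xde, 0xdf)) + b"".join(
            pack(k) + pack(v) for k, v in obj.items())
    raise TypeError(f"cannot pack {type(obj).__name__}")


_INT = {0xcc: ">B", 0xcd: ">H", 0xce: ">I", 0xcf: ">Q",
        0xd0: ">b", 0xd1: ">h", 0xd2: ">i", 0xd3: ">q"}
_LEN = {0xc4: ">B", 0xc5: ">H", 0xc6: ">I", 0xd9: ">B", 0xda: ">H", 0xdb: ">I",
        0xdc: ">H", 0xdd: ">I", 0xde: ">H", 0xdf: ">I"}


def _decode(buf, pos):
    """Decode one object starting at buf[pos]; return (object, next_pos)."""
    b = buf[pos]
    pos += 1
    if b <= 0x7f:
        return b, pos
    if b >= 0xe0:
        return b - 0x100, pos                # negative fixint
    if b == 0xc0:
        return None, pos
    if b in (0xc2, 0xc3):
        return b == 0xc3, pos
    if b in _INT:
        fmt = _INT[b]
        return struct.unpack_from(fmt, buf, pos)[0], pos + struct.calcsize(fmt)
    if 0x80 <= b <= 0xbf:                    # fixmap / fixarray / fixstr
        n = b & (0x1f if b >= 0xa0 else 0x0f)
    elif b in _LEN:
        fmt = _LEN[b]
        n = struct.unpack_from(fmt, buf, pos)[0]
        pos += struct.calcsize(fmt)
    else:
        raise ValueError(f"unsupported MessagePack type byte 0x{b:02x}")
    if b in (0xc4, 0xc5, 0xc6):
        return bytes(buf[pos:pos + n]), pos + n
    if 0xa0 <= b <= 0xbf or b in (0xd9, 0xda, 0xdb):
        raw = bytes(buf[pos:pos + n])
        try:                                  # server text arrives as "raw"; keep bytes if not UTF-8
            return raw.decode("utf-8"), pos + n
        except UnicodeDecodeError:
            return raw, pos + n
    if 0x90 <= b <= 0x9f or b in (0xdc, 0xdd):
        items = []
        for _ in range(n):
            item, pos = _decode(buf, pos)
            items.append(item)
        return items, pos
    result = {}                               # what remains is a map
    for _ in range(n):
        key, pos = _decode(buf, pos)
        val, pos = _decode(buf, pos)
        result[key] = val
    return result, pos


def unpack(data):
    obj, end = _decode(data, 0)
    if end != len(data):
        raise ValueError("trailing bytes after MessagePack object")
    return obj


def build_rpc_call(method, *args):
    """Frame a call as [method, args...]; the token is the first arg except for auth.login."""
    return pack([method, *args])


def parse_rpc_response(body):
    """Decode the MessagePack map the RPC server answers with."""
    return unpack(body)
```

The request body goes in an HTTP POST to the RPC endpoint; build_rpc_call("auth.login", user, password) is the first thing a client sends, and the token in the returned map is what every later call carries as its first argument.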