UAC is User Account Control. Introduced in Windows Vista, UAC is a collection of technologies that make it convenient possible to use Windows without administrator privileges and elevate your rights when needed. UAC has a lot of moving parts and encompasses a lot of things. This post focuses on Windows Integrity levels and UAC elevation […]
Read More… from User Account Control – What Penetration Testers Should Know
I’m writing this from a New Hampshire Bed and Breakfast where I’ve apparently received the Jacuzzi suite. I’m here for a romantic weekend running psexec and managing Beacons inside of student networks for the North East Collegiate Cyber Defense Competition event. This is my seventh year with this event. I made a lot of development progress early into my […]
The CCDC season is upon us. This is the time of year when professionals with many years of industry experience “volunteer” to hack against college students who must defend computer networks riddled with security holes. For the second year, my company is making Cobalt Strike available to members of the National CCDC and Regional CCDC red teams. […]
Read More… from CCDC Red Teams: Ten Tips to Maximize Success
Cobalt Strike 1.48 (02.27.14) is now available. This release is the byproduct of a very intense development cycle. The theme of this release is: details matter. Read on for a sense of what I mean by this. Pivot Listeners This Cobalt Strike update introduces pivot listeners. A pivot listener is a handler for a reverse payload […]
If you’ve ever had to change a module in the Metasploit Framework, you know the go to place is the modules/ directory off of the Metasploit Framework’s root folder. Recently, I had to modify the Metasploit Framework’s reverse_http stager. It currently sends a blank User-Agent. This is a problem because a blank User-Agent will not […]
I’m the developer of a commercial penetration testing product, Cobalt Strike. People are often amazed that I have a free 9-part Penetration Testing course on my website. This 9-part course is all of the material from my paid two-day class: Advanced Threat Tactics. Why do I give away my training product, for free? I know […]
Read More… from Why I give all of my training material away—for free
Beacon is Cobalt Strike’s payload for red team actions. Beacon is a stable lifeline that can serve as a communication layer. Meterpreter is a fantastic post-exploitation agent with a lot of features. Used together, Beacon and Meterpreter give you a lot of options for stealth and indirection. In this post, I’ll take you through different ways to use […]
Read More… from Four Levels of Hacking Sophistication with Beacon
The Java Signed Applet Attack is a staple social engineering option. This attack presents the user with a signed Java Applet. If the user allows this applet to run, the attacker gets access to their system. Val Smith’s 2009 Meta-Phish paper made this attack popular in the penetration testing community. Last week’s Java 1.7 update […]
Read More… from Obituary: Java Self-Signed Applet (Age: 1.7u51)
A common trait among persistent attackers is their distributed infrastructure. A serious attacker doesn’t use one system to launch attacks and catch shells from. Rather, they register many domains and setup several systems to act as redirectors (pivot points) back to their command and control server. As of last week, Cobalt Strike now has full […]
Read More… from Cloud-based Redirectors for Distributed Hacking
Cobalt Strike has always exposed the Metasploit Framework’s tool to generate executables. Unfortunately, these executables are caught by anti-virus products. I’ve had a lot of feedback about this and I know it’s annoying. The latest release of Cobalt Strike now generates artifacts from its own Artifact Kit. The Artifact Kit is a proprietary source code […]
Read More… from Cobalt Strike 01.08.14 – EXE Artifacts: A New Hope