I spend a lot of time thinking about what my tools can and can’t do. One of the weakest points for penetration testing tools is their (in-)ability to get past some egress restrictions. I previously wrote about why this is a problem and how you might get past different egress restrictions. My general advice is […]
CTA Type: Resource
The Access Management Team [Shell Sherpas]
When I participate in an exercise, with multiple target networks and a large red team, I favor splitting the team up into cells. Each cell owns a target network and is responsible for any objectives that must occur in that target network. These cells are supported by an access management team. The access management team […]
Cobalt Strike – Innovative Offense or “just a GUI”?
In June 2012, I announced Cobalt Strike to the world. Thanks to Cobalt Strike‘s users, I build and research offensive technologies, full-time, and have done so for the past two years. In this post, I’d like to show what has come from these two years of user-funded work. The Big Ideas Modeling Advanced Attackers with Beacon The Beacon payload is THE threat emulation […]
Read More… from Cobalt Strike – Innovative Offense or “just a GUI”?
The Beachhead
I see egress as one of the biggest pains in the offensive space. If your target has zero egress controls—don’t worry about anything I have to say here. If you’re up against a harder target, read on—I think I’m close to cracking this problem. You need different payloads for different phases of your engagement. I […]
Connecting to a Metasploit RPC server on Windows is not supported
When a user launches Armitage or Cobalt Strike on Windows and presses Start MSF, they’re presented with a curious error. It states: You must connect to a team server hosted on Linux. Connecting to a Metasploit RPC server on Windows is not supported. This error generates a lot of requests for help in various forums […]
Read More… from Connecting to a Metasploit RPC server on Windows is not supported
Meterpreter Kiwi Extension: Golden Ticket HOWTO
Mimikatz is a rapidly evolving post-exploitation toolkit by Benjamin Delpy. I call it a post-exploitation toolkit because it has a lot of features, far beyond the ability to dump plain-text passwords. One of the interesting features in Mimikatz 2.0 is its ability to generate a Kerberos ticket for a domain administrator with a lifetime of 10 […]
Read More… from Meterpreter Kiwi Extension: Golden Ticket HOWTO
The #1 Trait of a Successful Hacker
For some people, programming comes naturally to them. For others, it’s a struggle or something that doesn’t click with the way they think. The same thing with hacking. Hackers often complain about “script kiddies”, people who use tools without any clue about what they do. What’s the difference between someone who will become a good […]
Covert Lateral Movement with High-Latency C&C
High latency communication allows you to conduct operations on your target’s network, without detection, for a long time. An example of high-latency communication is a bot that phones home to an attacker’s web server to request instructions once each day. High latency communication is common with advanced threat malware. It’s not common in penetration testing […]
Read More… from Covert Lateral Movement with High-Latency C&C
Cobalt Strike 1.49 – HTTP Proxy Authentication? No Problem.
I spend a lot of time on the road in March and April—using my tools. During these months, I take careful notes of the usability issues I’d like to address and small tweaks that would make life better for Cobalt Strike’s hacker corps. Today’s Cobalt Strike release is the result of notes and my first-hand […]
Read More… from Cobalt Strike 1.49 – HTTP Proxy Authentication? No Problem.
Survival Skills for Small Infosec Vendors
Information Security is a strange field. There are probably few professions with such a wide range of social skills and preferences as the information security profession. Personally, I think this is what’s fun. It’s pretty cool that an MC can take a shot of vodka before introducing a speaker at a conference. Unfortunately, the perceived […]