Blog: The Cobalt Strike Trial’s Evil Bit
RFC 3514 proposes an IPv4 flag to allow traffic to flag itself as malicious or not. This RFC’s authors reason that if malicious programs opt

Blog: Named Pipe Pivoting
One of my favorite features in Cobalt Strike is its ability to pivot over named pipes. A named pipe is a way for two programs

Blog: Advanced Threat Tactics – Course and Notes
The release of Cobalt Strike 3.0 also saw the release of Advanced Threat Tactics, a nine-part course on red team operations and adversary simulations. This

Blog: Rethinking Reporting for Red Team Operations
Cobalt Strike 3.0 is coming in a few weeks. This upcoming release is the result of a large engineering effort that paralleled my existing efforts

Blog: The Aggressor Project (Preview)
If you’ve run into me at a conference during the 2015 calendar year, there’s a strong chance you’ve heard about or seen the Aggressor project.

Blog: Raphael’s Magic Quadrant
BlackHat is about to start in a few days. I think this is an appropriate time to share a non-technical, business only post. There is

Blog: Cobalt Strike 2.5 – Advanced Pivoting
I spend a lot of my red time in the Access Manager role. This is the person on a red team who manages callbacks for

Blog: WinRM is my Remote Access Tool
One of my favorite blog posts last year was Adversary Tricks and Treats from CrowdStrike. In this post, CrowdStrike details the tradecraft of an actor

Blog: Models for Red Team Operations
Recently, I had an email from someone asking for a call to discuss different models of red team operations. This gentleman sees his team as

Blog: How to Pass-the-Hash with Mimikatz
I’m spending a lot of time with mimikatz lately. I’m fascinated by how much capability it has and I’m constantly asking myself, what’s the best