DNS Communication is a Gimmick
I added DNS Communication to Cobalt Strike in June 2013 and refined it further in July 2013. On sales calls and at conferences I get
Pass-the-(Golden)-Ticket with WMIC
One of my favorite blog posts from last year was the Adversary Tricks and Treats post from CrowdStrike. They showed how one of the actors
What’s the go-to phishing technique or exploit?
This blog post is inspired by a question sent to a local mailing list. The original poster asks, what’s the go-to phishing technique or exploit
When You Know Your Enemy
TL;DR This is my opinion on Threat Intelligence: Automated Defense using Threat Intelligence feeds is (probably) rebranded anti-virus. Threat Intelligence offers benefit when used to
Adversary Simulation Becomes a Thing…
There is a growing chorus of folks talking about simulating targeted attacks from known adversaries as a valuable security service. The argument goes like this: penetration testers
Give me any zero-day and I will rule the world
A few months ago, I was having lunch at a favorite Italian restaurant in Washington, DC. I work in a residential area, which means lunch
The Post Exploitation Team
I often get asked about red team skills and training. What should each team member know how to do? For exercises or long running attack
Infrastructure for Ongoing Red Team Operations
Recently, Iāve had several questions about how to set up infrastructure for long running red team operations with Cobalt Strike. This is an ideal use
Puttering my Panda and other Threat Replication Case Studies
Cobalt Strike 2.0 introduced Malleable C2, a technology to redefine network indicators in the Beacon payload. What does this mean for you? It means you
Introducing Morning Catch – A Phishing Paradise
Morning Catch is a VMware virtual machine, similar to Metasploitable, to demonstrate and teach about targeted client-side attacks and post-exploitation. On this virtual machine, you