Keystroke Logging with Beacon
I feel asynchronous low and slow C2 is a missing piece in the penetration tester’s toolkit. Beacon is Cobalt Strike’s answer to this problem. Beacon
Offense in Depth
I regularly receive emails along the lines of “I tried these actions and nothing worked. What am I doing wrong?” Hacking tools are not magical
Using AV-safe Executables with Cortana
Part of a penetration tester’s job is to deal with security products, such as anti-virus. Those of us that use the open source Metasploit Framework
Post-Mortem of a Metasploit Framework Bug
Two weekends ago, I ran my Advanced Threat Tactics course with a group of 19 people. During the end exercise, one of the teams was frustrated. Their
Beacon – A PCI Compliant Payload for Cobalt Strike
TL;DR Beacon is a new Cobalt Strike payload that uses DNS to reduce the need to talk directly to Cobalt Strike. Beacon helps you mimic
My VirtualBox Penetration Testing Lab
Last week I taught an Advanced Threat Tactics course at the Lonestar Application Security conference. I like to provide ample hands-on opportunities in my courses.