User-driven Attacks
A user-driven attack is an attack that relies on a feature to get code execution. Most penetration testers I know rely on user-driven attacks over
Cobalt Strike 2.1 – I have the POWER(shell)
For a long time, I’ve wanted the ability to use PowerUp, Veil PowerView, and PowerSploit with Cobalt Strike. These are useful post-exploitation capabilities written in
The Post Exploitation Team
I often get asked about red team skills and training. What should each team member know how to do? For exercises or long running attack
Infrastructure for Ongoing Red Team Operations
Recently, I’ve had several questions about how to set up infrastructure for long running red team operations with Cobalt Strike. This is an ideal use
Puttering my Panda and other Threat Replication Case Studies
Cobalt Strike 2.0 introduced Malleable C2, a technology to redefine network indicators in the Beacon payload. What does this mean for you? It means you
Pass-the-Golden-Ticket with Cobalt Strike’s Beacon
Back in May, I wrote up some impressions about Meterpreter’s Kiwi extension. It’s Mimikatz 2.0, complete with its ability to generate a Kerberos “Golden Ticket” with
Use Cobalt Strike’s Beacon with Veil’s Evasion
The Veil Framework is a collection of red team tools, focused on evading detection. The Veil Evasion project is a tool to generate artifacts that
Cobalt Strike 2.0 – Malleable Command and Control
I define threat replication as a penetration test that looks like an attack from an APT actor. Assessments that involve threat replication are more than
The Access Management Team [Shell Sherpas]
When I participate in an exercise, with multiple target networks and a large red team, I favor splitting the team up into cells. Each cell
The Beachhead
I see egress as one of the biggest pains in the offensive space. If your target has zero egress controls—don’t worry about anything I have