How to Inject Shellcode from Java
Cobalt Strike’s Java Applet attacks inject shellcode into memory. Injecting into memory is valuable as it helps get past application whitelisting and can help evade
Why is notepad.exe connecting to the internet?
To the observant network defender, notepad.exe connecting to the internet is a key indicator of compromise. In this blog post, I’d like to explain why
Situational Awareness for Meterpreter Users
Hacking involves managing a lot of contextual factors at one time. Most times, the default situation works and a tool will perform beautifully for you.
The Origin of Armitage’s Hail Mary Mass Exploitation Feature
Several times now, an author has introduced Armitage, and the main value add to the hacking process that they emphasize is the “devastating” Hail Mary attack.
Staged Payloads – What Pen Testers Should Know
The Metasploit Framework decouples exploits from the stuff that gets executed after successful exploitation (the payload). Payloads in the Metasploit Framework are also divided into
Red Team Data Collection
In 2011, I participated in an exercise. The exercise ran for 60 hours straight, forcing the red team to work in shifts. The event was
Telling the Offensive Story at CCDC
The 2013 National CCDC season ended in April 2013. One topic that I’ve sat on since this year’s CCDC season ended is feedback. Providing meaningful and
Goading Around Firewalls
Last weekend, I was enjoying the HackMiami conference in beautiful Miami Beach, FL. On Sunday, they hosted several hacking challenges in their CTF room. One
Red Team Training at BlackHat USA
Before developing Cobalt Strike, I conducted interviews with several penetration testing practitioners. I wanted to dig into their process, the tools they used, the gaps
National CCDC Red Team – Fair and Balanced
Saturday, 6:30pm ended my 2013 red teaming season. I’ve participated in the Collegiate Cyber Defense Competition as a red team volunteer since 2008. I love