Blog An unnecessary addiction to DNS communication I regularly hear stories from my users about how they got past a tough situation and had success that they claim was not possible without
Blog 2015’s Red Team Tradecraft “There is a theory which states that if ever anyone discovers exactly what the Universe is for and why it is here, it will instantly
Blog So, you won a regional and you’re headed to National CCDC The 2015 National CCDC season started with 100+ teams across 10 regions. Now, there are 10 teams left and they’re headed to the National CCDC
Blog Reverse Port Forward through a SOCKS Proxy I had a friend come to me with an interesting problem. He had to get a server to make an outbound connection and evade some
Blog Training Recommendations for Threat Emulation and Red Teaming A few weeks ago, I had someone write and ask which training courses I would recommend to help setup a successful Red Team program. If
Blog The First Five Minutes March and April are CCDC season. This is the time of the year when teams of college students get to compete against each other as
Blog My Favorite PowerShell Post-Exploitation Tools PowerShell became a key part of my red team toolkit in 2014. Cobalt Strike 2.1 added PowerShell support to the Beacon payload and this has made
Blog Another Night, Another Actor Earlier last year, I had a frantic call from a customer. They needed to make a small change to Beacon’s communication pattern and quickly. This
Blog DNS Communication is a Gimmick I added DNS Communication to Cobalt Strike in June 2013 and refined it further in July 2013. On sales calls and at conferences I get
Blog Pass-the-(Golden)-Ticket with WMIC One of my favorite blog posts from last year was the Adversary Tricks and Treats post from CrowdStrike. They showed how one of the actors