Telling the Offensive Story at CCDC
The 2013 National CCDC season ended in April 2013. One topic that I’ve sat on since this year’s CCDC season ended is feedback. Providing meaningful and
Goading Around Firewalls
Last weekend, I was enjoying the HackMiami conference in beautiful Miami Beach, FL. On Sunday, they hosted several hacking challenges in their CTF room. One
Red Team Training at BlackHat USA
Before developing Cobalt Strike, I conducted interviews with several penetration testing practitioners. I wanted to dig into their process, the tools they used, the gaps
National CCDC Red Team – Fair and Balanced
Saturday, 6:30pm ended my 2013 red teaming season. I’ve participated in the Collegiate Cyber Defense Competition as a red team volunteer since 2008. I love
WRCCDC – A Red Team Member’s Perspective
Western Regional CCDC was pretty epic. Given the level of interest in red activity, I’d like to share what I can. So much happened, I
A Vision for Distributed Red Team Operations
Last year I gave a talk on Force Multipliers for Red Team Operations. In that talk, I elaborated on my search for capabilities that make
Tactics to Hack an Enterprise Network
In June 2012, I released Cobalt Strike, a commercial penetration testing package that picks up where Armitage leaves off. Cobalt Strike is a direct expression of what I
How to Milk a Computer Science Education for Offensive Security Skills
Recently, a poster on reddit asked how to get into offensive security as a student studying Computer Science. Before the post was removed, the poster expressed
Hacking like APT
Lately, I’ve seen several announcements, presentations, and blog posts about “hacking like” Advanced Persistent Threat. This new wave of material focuses on mapping features in
Keystroke Logging with Beacon
I feel asynchronous low and slow C2 is a missing piece in the penetration tester’s toolkit. Beacon is Cobalt Strike’s answer to this problem. Beacon