4 Free Easy Wins That Make Red Teams Harder

December 10, 2020

In this post, I will cover some easy things that defenders can do to make it harder for attackers to succeed. As you all know, there is never a silver bullet when it comes to security, so these tips will only make it harder for attackers by focusing on the basics, and sometimes, that helps…

Read

MacOS Injection via Third-Party Frameworks

September 21, 2020

Since joining the TrustedSec AETR team, I have been spending a bit of time looking at tradecraft for MacOS environments, which, unfortunately for us attackers, are getting tougher to attack compared to their Windows peers. With privacy protection, sandboxing, and endless entitlement dependencies, operating via an implant on a MacOS-powered device can be a minefield….

Read

Weaponizing Group Policy Objects Access

September 17, 2020

Recently, I was on an engagement where I discovered I had plaintext credentials to an account that could modify Active Directory Group Policy Objects (GPOs). This proved to be a fun challenge, as Group Policy files and properties can be bent to our will even when hacking through a straw (SOCKS only, in this case)….

Read

Red Teaming With Cobalt Strike – Not So Obvious Features

August 27, 2020

Since beginning work as a red teamer almost two years ago, I’ve had to learn a lot of new information and tooling. I had never worked with Cobalt Strike before and there were features not obvious to me until I had used it for a while and gained some experience with it. This post will…

Read

Thycotic Secret Server: Offline Decryption Methodology

July 28, 2020

On offensive engagements, we frequently encounter centralized internal password managers that are used by various departments to store incredibly sensitive account information, such as Domain Admin accounts, API keys, credit card data, the works. It used to be that these systems were implemented without multi-factor authentication. “Hacking” them was as simple as finding somebody that…

Read

Automating a RedELK Deployment Using Ansible

May 28, 2020

As the red team infrastructure needs continue to expand (and grow more complicated), so does the need for infrastructure automation. Red teams are adopting DevOps to improve the speed at which their infrastructure is deployed, hence the rise in usage of tools such as Terraform and Ansible for red teams. In this post, we will…

Read

Practical OAuth Abuse for Offensive Operations – Part 1

May 13, 2020

Background OAuth is an open authorization standard that facilitates unrelated servers and services working together, allowing access to their assets without sharing the initial, related, single logon credential. I have been thinking of it as a kind of Kerberos for external services, without a shared domain or forest. A familiar instance would be authentication to…

Read

Wanted: Process Command Lines

April 9, 2020

As a Red teamer, the key to not getting detected is to blend in. That means that if I need to spawn a new process on a host, it is important that it looks legitimate with command line parameters that look correct. Many system binaries have a set of parameters when they are executed. This…

Read

Red Team Engagement Guide: How an Organization Should React

December 5, 2019

A lengthy Red Team engagement is coming. What should the defense do if they catch the offense? Reimage systems? Notify and allow? What is the course of action that allows the engagement to proceed and deliver maximum value to the organization? These can be difficult questions to answer, but ones that companies procuring these tests…

Read

Discovering the Anti-Virus Signature and Bypassing It

October 24, 2019

In this post, I am going to go over how to find the specific Anti-Virus signature using manual testing and then show techniques that can be used to bypass them. I am a big fan of LOLBins so we are going to focus on the binary Regsvr32, which is a known binary that can be…

Read
  • Browse by Category

  • Clear Form