Supply Chain Woes – Attacks and Issues in IT Infrastructure: What Can We Do?

September 21, 2021

All businesses operate on the principle that a certain level of trust is necessary between the business itself and the IT components that comprise its supporting infrastructure. These components include hardware and software, as well as the vendors who provide services to the infrastructure. Securing a business supply chain is a big challenge, not only…

Obsidian, Taming a Collective Consciousness

September 7, 2021

The Problem On August 05, 2021, a member of the Conti ransomware group leaked some of the group’s internal playbooks and technical documentation. Irrespective of any details surrounding the leak or its contents, the event itself prompted a more widespread examination of how teams maintain their operational playbooks and documentation. A tweet by Mubix came…

Oh, Behave! Figuring Out User Behavior

August 19, 2021

One topic that has always been of interest to me is how users actually use their computers. While TrustedSec does have the ability to understand a system when we encounter it, there are still mysteries around normal user behavior. Understanding user behavior becomes even more important when attempting to defeat the next generation of EDRs that…

BITS Persistence for Script Kiddies

June 29, 2021

Introduction Using and abusing the BITS service is a lot of fun. I can’t believe Windows just gives away this hacker tool for free. But wait, wait, are you telling me that there’s more? Does it come with a free blender? What else can this service do for me? In the last installment, we covered…

BITS for Script Kiddies

April 13, 2021

Introduction Well, I finally popped a box, but the EDR keeps sucking up all my tools. There must be a way to do some basic things on the box without getting caught. How can I poke around and do some stuff without possibly burning all my tools? After all the hard work of getting onto…

COFFLoader: Building your own in memory loader or how to run BOFs

February 22, 2021

Intro Have you heard of the new Beacon Object File (BOF) hotness? Have you ever thought that you should be able to run those outside of Cobalt Strike? Well, if that’s the case, you came to the right place. In this post, we’ll go through the basic steps of understanding and building an in-memory loader…

Front, Validate, and Redirect

February 16, 2021

In the age of threat hunting, automated mass scanning, and the occasionally curious SOC, properly securing your command and control (C2) infrastructure is key to any engagement. While many setups today include a CDN Domain Front with a custom Nginx or Apache ruleset sprinkled on top, I wanted to share my recipe for success. Fully…

Group Policy for Script Kiddies

February 11, 2021

Introduction I’ve finally moved up in the world and am pwning companies instead of n00bs, but all the workstations are locked down. What is this Group Policy thing? Why is it harshing my mellow? So, you’ve finally moved up into the big leagues. You’re no longer wasting your time hacking your friends, parents, or that…

Injecting Rogue DNS Records Using DHCP

February 2, 2021

During an Internal Penetration Test or Adversarial Attack Simulation (Red Team), TrustedSec will deploy a rogue, Linux-based networking device onto a client’s network. These devices will sometimes obtain an IP address via DHCP and establish an outbound connection wherein we can perform our testing. Every client network is different, but we have noticed that a…

Tailoring Cobalt Strike on Target

January 28, 2021

We’ve all been there: you’ve completed your initial recon, sent in your emails to gather those leaked HTTP headers, spent an age configuring your malleable profile to be just right, set up your CDNs, and spun up your redirectors. Then it’s time, you send in your email aaaaaand…nothing. You can see from your DNS diagnostic…
