BITS Persistence for Script Kiddies

June 29, 2021

Introduction: Using and abusing the BITS service is a lot of fun. I can’t believe Windows just gives away this hacker tool for free. But wait, wait, are you telling me that there’s more? Does it come with a free blender? What else can this service do for me? In the last installment, we covered…

BITS for Script Kiddies

April 13, 2021

Introduction: Well, I finally popped a box, but the EDR keeps sucking up all my tools. There must be a way to do some basic things on the box without getting caught. How can I poke around and do some stuff without possibly burning all my tools? After all the hard work of getting onto…

COFFLoader: Building your own in memory loader or how to run BOFs

February 22, 2021

Intro: Have you heard of the new Beacon Object File (BOF) hotness? Have you ever thought that you should be able to run those outside of Cobalt Strike? Well, if that’s the case, you came to the right place. In this post, we’ll go through the basic steps of understanding and building an in-memory loader…

Front, Validate, and Redirect

February 16, 2021

In the age of threat hunting, automated mass scanning, and the occasionally curious SOC, properly securing your command and control (C2) infrastructure is key to any engagement. While many setups today include a CDN Domain Front with a custom Nginx or Apache ruleset sprinkled on top, I wanted to share my recipe for success. Fully…

Group Policy for Script Kiddies

February 11, 2021

Introduction: I’ve finally moved up in the world and am pwning companies instead of n00bs, but all the workstations are locked down. What is this Group Policy thing? Why is it harshing my mellow? So, you’ve finally moved up into the big leagues. You’re no longer wasting your time hacking your friends, parents, or that…

Injecting Rogue DNS Records Using DHCP

February 2, 2021

During an Internal Penetration Test or Adversarial Attack Simulation (Red Team), TrustedSec will deploy a rogue, Linux-based networking device onto a client’s network. These devices will sometimes obtain an IP address via DHCP and establish an outbound connection wherein we can perform our testing. Every client network is different, but we have noticed that a…

Tailoring Cobalt Strike on Target

January 28, 2021

We’ve all been there: you’ve completed your initial recon, sent in your emails to gather those leaked HTTP headers, spent an age configuring your malleable profile to be just right, set up your CDNs, and spun up your redirectors. Then it’s time, you send in your email aaaaaand…nothing. You can see from your DNS diagnostic…

SolarWinds Backdoor (Sunburst) Incident Response Playbook

December 17, 2020

Over the last several days, TrustedSec has received queries on the best ways to contain, eradicate, and remediate the SolarWinds backdoor (aka #solarigate aka Sunburst). The TrustedSec Incident Response team has put together a playbook of recommended actions to provide some level of assurance that your organization is no longer affected by the backdoor. This…

Setting the ‘Referer’ Header Using JavaScript

September 29, 2020

Or, “I’m Sorry, You Said You’re from Where Again?”

In a prior webinar on creating weaponized Cross-Site Scripting (XSS) payloads, I mentioned that XSS payloads (written in JavaScript) could not change the HTTP Referer header. Malicious requests made through an XSS payload will often have an unexpected Referer header that does not generally make sense…

Malicious Macros for Script Kiddies

August 4, 2020

Introduction: Macros seem like the new hotness amongst hackers, but I thought macros were just simple scripts that some accountant in finance used to simplify their spreadsheets. How can I use and abuse these things to Hack the Planet and rule the world? How can something designed in the 90s still be relevant? In previous…
