In this BHIS webcast we cover some new techniques and tactics on how to track attackers via various honey tokens. We cover how to track with Word Web Bugs in ADHD, and cover the awesome toolkit from Thinkst. We also cover some of the legal ramifications involved in do this. Download slides: https://www.activecountermeasures.com/presentations/ I am covering this […]
Do your PowerShell scripts keep getting caught? Tired of dealing with EDRs & Windows Defender every time you need to pop a box? In this one-hour podcast, originally recorded as a live webcast, we introduce a somewhat new Red Team approach that we call BYOI (Bring Your Own Interpreter). Download slides: https://www.activecountermeasures.com/presentations/ Turns out, by […]
Podcast: Play in new window | Download
Carrie Roberts//* I have needed to remind myself how to set up RDP access through an SSH connection so many times that I’ve decided to document it here for future reference. I hope it proves useful to you as well. I do “adversary simulation” for work and so I present this information using terms like […]
Take a good look at Bitcoin right now… these are the unlucky ones. These are the unfortunate souls who jumped on another overinflated balloon. But, does this Bitcoin crash completely undermine all blockchain technologies? Since Bitcoin is crashing and burning we figured it would be a good time to have a webcast on blockchain security […]
Podcast: Play in new window | Download
Do your PowerShell scripts keep getting caught? Tired of dealing with EDRs & Windows Defender every time you need to pop a box? In this one-hour webcast, we introduce a somewhat new Red Team approach that we call BYOI (Bring Your Own Interpreter). Turns out, by harnessing the powah of C# and the .NET framework you […]
John Strand// Hello all, Well, this is a painful post to write, so I will get right to it. I am on my last run of classes with the SANS Institute. And, this is a good thing. It is a good thing for SANS SEC504, it is a good thing for me, my family, and […]
Carrie Roberts//* (Updated 2/26/2019) Note: Windows Defender added a detection on 2/25/2019 which now detects this method as “AmsiTamper.A” Windows Defender does a good job of blocking many attacks including attempts to establish Command & Control (C2) sessions with published tools like PowerShell Empire. I was recently looking for a way to establish such a […]
Take a good look at Bitcoin right now… these are the unlucky ones. These are the unfortunate souls who jumped on another overinflated balloon. But, does this Bitcoin crash completely undermine all blockchain technologies? Download slides: https://www.activecountermeasures.com/presentations/ Since Bitcoin is crashing and burning we figured it would be a good time to have a webcast […]
Darin Roberts// Early in 2018 I wrote a blog about InSpy. InSpy is a great reconnaissance tool that gathers usernames from LinkedIn. My first blog can be found here. A few months ago, a co-worker mentioned to me that InSpy was now requiring an API key. I found out that the updated version did in […]
