Author, Beau Bullock, External/Internal, Red Team email attack, MailSniper, Microsoft, Microsoft Exchange, MS, Office365, OWA, pen-testing, tools

Abusing Exchange Mailbox Permissions with MailSniper

Beau Bullock // Overview Microsoft Exchange users have the power to grant other users various levels of access to their mailbox folders. For example, a user can grant other users […]

Read the entire post here

Author, Blue Team, Blue Team Tools, John Strand, Webcasts black hoody required, C2, C2 Channels, command and control, covert c2 channels, hacking, pen-testing

WEBCAST: Two Covert C2 Channels

John Strand // In this webcast, we walk through different tools to establish and test your Command and Control (C2) detection capabilities. Why does this matter? Almost all organizations we […]

Read the entire post here

Author, C2, Kent Ickler, Red Team automation, automation tools, Kent Ickler, PowerShell Empire, robot with boots, Screen

Empire Bootstrapping v2 – How to Pre-Automate All the Things!

Kent Ickler // A robot wearing boots… with straps…. Have you been tasked with automation in the Command and Control (C2) world? If so your goal is to shorten the […]

Read the entire post here

Author, Brian Fehrman, Red Team, Red Team Tools Bypassing Web-Proxy Filtering, C2 Channels, penetration testing, Pentesting, PowerShell, Web-Proxy Filtering

How to Bypass Web-Proxy Filtering

Brian Fehrman // Someone recently posed a question to BHIS about creating C2 channels in environments where heavily restrictive egress filtering is being utilized. Testers at BHIS, and in the […]

Read the entire post here

Author, Jordan Drysdale, Kent Ickler, Red Team, Red Team Tools Kon-Boot, thumb drive fun

Super Sweet Kon-Boot Demo in GIFs

Jordan Drysdale, victim // Kent Ickler, adversary // In this post, our victim locks their computer and heads out for a coffee refill. The adversary smashes through all system and […]

Read the entire post here

Author, Beau Bullock, Recon, Red Team, Red Team Tools HostRecon, PowerShell, Situational Awareness, tool

HostRecon: A Situational Awareness Tool

Beau Bullock // Overview HostRecon is a tool I wrote in PowerShell to assist with quickly enumerating a number of items that I would typically check after gaining access to […]

Read the entire post here

Author, C2, InfoSec 201, John Strand, Red Team anti-virus, AV, Cylance, industry trends

Bypassing Cylance: Part 5 – Looking Forward

John Strand// We just finished up a walk through of how we bypassed Cylance in a previous engagement. To conclude this exciting week, I want to share a few comments […]

Read the entire post here

Author, C2, David Fletcher, Red Team anti-virus, AV, bypassing AV, Cylance, Cylance Bypass, metasploit meterpreter, PowerShell, PowerShell Empire Agent

Bypassing Cylance: Part 4 – Metasploit Meterpreter & PowerShell Empire Agent

David Fletcher // The following techniques serve to illustrate methods for obtaining C2 communication in a particular Cylance protected environment.  The configuration of the centralized infrastructure and the endpoint agents […]

Read the entire post here

Author, C2, David Fletcher, Red Team anti-virus, AV, AV bypass, bypassing AV, bypassing Cylance, Cylance, Ncat, netcat, Nishang, Nishang ICMP C2 Channel

Bypassing Cylance: Part 3 – Netcat & Nishang ICMP C2 Channel

David Fletcher // The following techniques serve to illustrate methods for obtaining C2 communication in a particular Cylance protected environment.  The configuration of the centralized infrastructure and the endpoint agents […]

Read the entire post here