BHIS Webcast: Tracking Attackers. Why Attribution Matters and How To Do It.
In this BHIS webcast, we cover some new techniques and tactics on how to track attackers via various honey tokens. We cover how to track with Word Web Bugs in ADHD and […]
How-To
The RDP Through SSH Encyclopedia
Carrie Roberts //* I have needed to remind myself how to set up RDP access through an SSH connection so many times that I’ve decided to document it here for […]
Getting PowerShell Empire Past Windows Defender
Carrie Roberts //* (Updated 2/12/2020) ADVISORY: The techniques and tools referenced within this blog post may be outdated and do not apply to current situations. However, there is still potential […]
I Spy with InSpy v3.0
Darin Roberts// Early in 2018 I wrote a blog about InSpy. InSpy is a great reconnaissance tool that gathers usernames from LinkedIn. My first blog can be found here. A […]
Small and Medium Business Security Strategies: Part 5
Jordan Drysdale// tl;dr Inventory management and personnel management are critical to making this work. Often, the difference between your company becoming a statistic and catching someone with a foothold in […]
SSHazam: Hide Your C2 Inside of SSH
Carrie Roberts //* SSHazam is a method of running any C2 tool of your choice inside a standard SSH tunnel to avoid network detections. The examples here involve running PowerShell […]
Healthy Hacking with the Treadmill Elliptical Desk: My journey to staying healthy while hacking!
Carrie Roberts*// I’m a red teamer, I love my job but I spend way too much time at a desk in front of a computer. This year I wanted to […]
How To: C2 Over ICMP
Darin Roberts // In previous blogs, I have shown how to get various C2 sessions. In this blog, I will be showing how to do C2 over ICMP. First, what […]
How I Cracked a 128-bit Password
Sally Vandeven// TL;DR – Passwords stored using reversible encryption, even if they are VERY LONG, can be trivially reversed by an attacker. Password cracking is quite enjoyable. It is very satisfying […]