C2

Author, C2, InfoSec 201, John Strand, Red Team anti-virus, AV, Cylance, industry trends

Bypassing Cylance: Part 5 – Looking Forward

John Strand// We just finished up a walk through of how we bypassed Cylance in a previous engagement. To conclude this exciting week, I want to share a few comments […]

Read the entire post here

Author, C2, David Fletcher, Red Team anti-virus, AV, bypassing AV, Cylance, Cylance Bypass, metasploit meterpreter, PowerShell, PowerShell Empire Agent

Bypassing Cylance: Part 4 – Metasploit Meterpreter & PowerShell Empire Agent

David Fletcher // The following techniques serve to illustrate methods for obtaining C2 communication in a particular Cylance protected environment.  The configuration of the centralized infrastructure and the endpoint agents […]

Read the entire post here

Author, C2, David Fletcher, Red Team anti-virus, AV, AV bypass, bypassing AV, bypassing Cylance, Cylance, Ncat, netcat, Nishang, Nishang ICMP C2 Channel

Bypassing Cylance: Part 3 – Netcat & Nishang ICMP C2 Channel

David Fletcher // The following techniques serve to illustrate methods for obtaining C2 communication in a particular Cylance protected environment.  The configuration of the centralized infrastructure and the endpoint agents […]

Read the entire post here

Author, C2, David Fletcher, Red Team anti-virus, AV, AV bypass, Cylance, Cylance Bypass, dnscat2, Pentesting

Bypassing Cylance: Part 2 – Using DNSCat2

David Fletcher // The following techniques serve to illustrate methods for obtaining C2 communication in a particular Cylance protected environment.  The configuration of the centralized infrastructure and the endpoint agents […]

Read the entire post here

Author, C2, David Fletcher, Red Team anti-virus, AV, bypassing AV, bypassing Cylance, Cylance, VSAgent.exe

Bypassing Cylance: Part 1 – Using VSAgent.exe

David Fletcher // Recently, we had the opportunity to test a production Cylance environment. Obviously, each environment is going to be different and the efficacy of security controls relies largely […]

Read the entire post here

C2, Red Team C2, DNS C2, dnscat2, PowerShell, tunneling

PowerShell DNS Command & Control with dnscat2-powershell

Luke Baggett // Imagine a scenario where a Penetration Tester is trying to set up command and control on an internal network blocking all outbound traffic, except traffic towards a […]

Read the entire post here

Author, C2, David Fletcher, Red Team Apple, Install, Mac, Malware, phishing

How to Phish for Geniuses

David Fletcher // Recently we were involved in an engagement where we expected to see a large number of Macs in the target environment. As an element of the engagement […]

Read the entire post here

C2, Red Team exploit, malicious outlook rules, Outlook, Sacred Cash Cow Tipping

Malicious Outlook Rule without an EXE

 Carrie Roberts // My current favorite exploit is creating malicious outlook rules as described here. The rule is configured to download an executable file with an EXE extension (.exe) when an […]

Read the entire post here

C2, Red Team C2, Google Drive

Google Docs becomes Google SOCKS: C2 Over Google Drive

Luke Baggett // If you’re monitoring a network with internet access, it’s almost inevitable that you’re going to see a lot of traffic to and from Google servers. Blending in […]

Read the entire post here