Rogue RDP – Revisiting Initial Access Methods
Mike Felch // The Hunt for Initial Access With the default disablement of VBA macros originating from the internet, Microsoft may be pitching a curveball to threat actors and red […]
Red Team
Introducing LoRa (Long Range) Wireless Technology – Part 1
Ray Felch // This write-up is the first of a multi-part series, providing an introduction to LoRa wireless technology and the LoRaWAN, low-power wide-area network (LPWAN). Interestingly, I came across […]
DNS Over HTTPS for Cobalt Strike
Kyle Avery // Introduction Setting up the C2 infrastructure for red team engagements has become more and more of a hassle in recent years. This is a win for the […]
How to Not Get Scammed on Discord
Max Boehner & Noah Heckman // Introduction As 2020 sent us all into our homes social distancing, the demand for online messaging saw a huge spike in an effort for people to stay […]
Understanding Zigbee and Wireless Mesh Networking
Ray Felch // Preface: Recently, I acquired a few home automation devices, so that I might research Zigbee and get a better understanding of how this very popular wireless technology […]
How to Phish for User Passwords with PowerShell
tokyoneon // Spoofing credential prompts is an effective privilege escalation and lateral movement technique. It’s not uncommon to experience seemingly random password prompts for Outlook, VPNs, and various other authentication […]
Webcast: How to Build a Phishing Engagement – Coding TTP’s
Building a phishing engagement is hard. While the concept is straightforward, real-world execution is tricky. Being successful takes enormous amounts of up-front setup and knowledge in quickly evolving phishing tactics. […]
Podcast: Play in new window | Download
Subscribe: Apple Podcasts | Spotify | Amazon Music | RSS
Pushing Your Way In
David Fletcher // Over the past several years, attackers have gained significant traction in targeted environments by using various forms of password guessing. This situation was reflected in the 2020 Verizon […]
Web App Pen Testing in an Angular Context
Joff Thyer // If you are a fan of web application pen testing, you have been spoiled with a lot of easy pickings over the years. We all love our […]