Adding Egress Brute Force to PowerShell Payloads
Guest post* by Robert Schwass // We’ve all been there. You craft the perfect phishing email, register a great domain name, your multi handler is set up ever so perfectly. And […]
Red Team
Downloading an Address Book from an Outlook Web App (OWA) Portal
Carrie Roberts // Update 10/03/16: Want to download the address book automatically with PowerShell? Check out Beau Bullocks latest additions to MailSniper As part of a penetration test, you’ve gained access […]
Let’s Get Physical* Part 1; Defeating Wetware Access Controls
Sally Vandeven // I found myself with a little extra time one day (and I didn’t tell my project manager) so I thought it would be a great time to […]
Powershell Without Powershell – How To Bypass Application Whitelisting, Environment Restrictions & AV
Brian Fehrman (With shout outs to: Kelsey Bellew, Beau Bullock) // In a previous blog post, we talked about bypassing AV and Application Whitelisting by using a method developed by Casey Smith. In […]
Google Docs becomes Google SOCKS: C2 Over Google Drive
Luke Baggett // If you’re monitoring a network with internet access, it’s almost inevitable that you’re going to see a lot of traffic to and from Google servers. Blending in […]
Webcast Recording: Man in the Middle Attacks
In this webcast we walked through the current super cool crop of MITM tools. We looked at Bettercap, MITMf and discussed LLMNR and WPAD poisoning attacks. Also, this was a new […]
How to Build Your Own Penetration Testing Drop Box
Beau Bullock // TL;DR I compared three single-board computers (SBC) against each other with a specific goal of finding which one would serve best as a “penetration testing dropbox”, and […]
How to Build a 404 page not found C2
A Guest blog by Matthew Pawelski // A C2, or command-and-control, is used by attackers to control compromised systems. Most of these C2s are in control of large botnets, yet […]
Three Simple Disguises for Evading Antivirus
Logan Lembke // Antivirus has been a key component in defending computer systems since the 1990s. Over the years, antivirus began to dominate the discussion of PC security with other […]