Dirty Red Team Tricks II at Derbycon 2.0
Last year, I spoke on Dirty Red Team Tricks at Derbycon. This talk was a chance to share what I had used at the Collegiate
Deprecation Notice: Metasploit source checkouts will NO LONGER update over SVN – Move to Git
The official home of the Metasploit Framework’s source code has been github for a while now. Ever since the move to Git, Rapid7 has operated
Delivering custom payloads with Metasploit using DLL injection
I’m very interested in supporting alternative remote administration tools in Cobalt Strike. Meterpreter is awesome as an active RAT, but I need something less chatty
DARPA’s Cyber Fast Track: My Experience
Last week, I received a grant from DARPA through the Cyber Fast Track program. I consider this a big milestone in my personal career. If
CredBandit (In memory BOF MiniDump) – Tool review – Part 1
One of the things I find fascinating about being on the Cobalt Strike team is the community. It is amazing to see how people overcome
Create listeners with an aggressor script – listener_create_ext
This short post is a follow up to the post “Manage Cobalt Strike with Services” where I described a method to automate Cobalt Strike teamservers
Create a proxy DLL with artifact kit
DLL attacks (hijacking, proxying, etc) are a challenge defenders must face. They can be leveraged in a Red Team engagement to help measure these defenses.
Covert VPN – Layer 2 Pivoting for Cobalt Strike
Currently, I’m debating a class of social engineering “packages” to force SMB requests against an attacker controlled system. Ideas include packages to generate LNK files,
Covert Lateral Movement with High-Latency C&C
High latency communication allows you to conduct operations on your target’s network, without detection, for a long time. An example of high-latency communication is a
Cortana: real-time collaborative hacking… with bots
At BSides Las Vegas, I talked about Force Multipliers for Red Team Operations. In this talk, I shared several stories about how my evil bots stole passwords,