I define threat replication as a penetration test that looks like an attack from an APT actor. Assessments that involve threat replication are more than a test of technical controls. Threat Replication is a full exercise of a customer’s analytical process and ability to attribute and respond to an APT. These definitions are all well […]
Read More… from Cobalt Strike 2.0 – Malleable Command and Control
When I participate in an exercise, with multiple target networks and a large red team, I favor splitting the team up into cells. Each cell owns a target network and is responsible for any objectives that must occur in that target network. These cells are supported by an access management team. The access management team […]
I see egress as one of the biggest pains in the offensive space. If your target has zero egress controls—don’t worry about anything I have to say here. If you’re up against a harder target, read on—I think I’m close to cracking this problem. You need different payloads for different phases of your engagement. I […]
High latency communication allows you to conduct operations on your target’s network, without detection, for a long time. An example of high-latency communication is a bot that phones home to an attacker’s web server to request instructions once each day. High latency communication is common with advanced threat malware. It’s not common in penetration testing […]
Read More… from Covert Lateral Movement with High-Latency C&C
Information Security is a strange field. There are probably few professions with such a wide range of social skills and preferences as the information security profession. Personally, I think this is what’s fun. It’s pretty cool that an MC can take a shot of vodka before introducing a speaker at a conference. Unfortunately, the perceived […]
UAC is User Account Control. Introduced in Windows Vista, UAC is a collection of technologies that make it convenient possible to use Windows without administrator privileges and elevate your rights when needed. UAC has a lot of moving parts and encompasses a lot of things. This post focuses on Windows Integrity levels and UAC elevation […]
Read More… from User Account Control – What Penetration Testers Should Know
The CCDC season is upon us. This is the time of year when professionals with many years of industry experience “volunteer” to hack against college students who must defend computer networks riddled with security holes. For the second year, my company is making Cobalt Strike available to members of the National CCDC and Regional CCDC red teams. […]
Read More… from CCDC Red Teams: Ten Tips to Maximize Success
I’m the developer of a commercial penetration testing product, Cobalt Strike. People are often amazed that I have a free 9-part Penetration Testing course on my website. This 9-part course is all of the material from my paid two-day class: Advanced Threat Tactics. Why do I give away my training product, for free? I know […]
Read More… from Why I give all of my training material away—for free
The Java Signed Applet Attack is a staple social engineering option. This attack presents the user with a signed Java Applet. If the user allows this applet to run, the attacker gets access to their system. Val Smith’s 2009 Meta-Phish paper made this attack popular in the penetration testing community. Last week’s Java 1.7 update […]
Read More… from Obituary: Java Self-Signed Applet (Age: 1.7u51)
A common trait among persistent attackers is their distributed infrastructure. A serious attacker doesn’t use one system to launch attacks and catch shells from. Rather, they register many domains and setup several systems to act as redirectors (pivot points) back to their command and control server. As of last week, Cobalt Strike now has full […]
Read More… from Cloud-based Redirectors for Distributed Hacking