How to Inject Shellcode from Java
Cobalt Strike’s Java Applet attacks inject shellcode into memory. Injecting into memory is valuable as it helps get past application whitelisting and can help evade
How to Milk a Computer Science Education for Offensive Security Skills
Recently, a poster on reddit asked how to get into offensive security as a student studying Computer Science. Before the post was removed, the poster expressed
How to Pass-the-Hash with Mimikatz
I’m spending a lot of time with mimikatz lately. I’m fascinated by how much capability it has and I’m constantly asking myself, what’s the best
How to Use Upskilling and Reskilling to Scale Your Cybersecurity Team
Beat the Talent Shortage With Internal Development To protect vital systems and data, organizations must create cybersecurity programs containing the right mix of security tools
How VPN Pivoting Works (with Source Code)
A VPN pivot is a virtual network interface that gives you layer-2 access to your target’s network. Rapid7’s Metasploit Pro was the first pen testing product
HOWTO Integrate third-party tools with Cortana
One of the goals of Cortana is to give you the ability to integrate third-party tools and agents into Armitage and Cobalt Strike’s red team
HOWTO: Port Forwards through a SOCKS proxy
Recently, I’ve had multiple people ask about port forwards with Cobalt Strike’s Beacon payload. Beacon has had SOCKS proxy pivoting support since June 2013. This feature
HOWTO: Reset Your Cobalt Strike License Key
Time to time, I hand out Cobalt Strike license keys to non-customers. Sometimes these are to support an event (e.g., the National CCDC Red Team).
HTTP Proxy Authentication for Malware
I spend a lot of time thinking about what my tools can and can’t do. One of the weakest points for penetration testing tools is
In-Memory Evasion
Many analysts and automated solutions take advantage of various memory detections to find injected DLLs in memory. Memory detections look at the properties (and content)