My Software Development Practices: The Joel Test
Joel Spolsky is one of my favorite writers on the topic of software development. He coined a 12-step Joel Test to determine if your company
My VirtualBox Penetration Testing Lab
Last week I taught an Advanced Threat Tactics course at the Lonestar Application Security conference. I like to provide ample hands-on opportunities in my courses.
Named Pipe Pivoting
One of my favorite features in Cobalt Strike is its ability to pivot over named pipes. A named pipe is a way for two programs
Nanodump: A Red Team Approach to Minidumps
Motivation It is known that dumping Windows credentials is a technique often utilized for everyday attacks by adversaries and, consequently, Red Teamers. This process has
National CCDC Red Team – Fair and Balanced
Saturday, 6:30pm ended my 2013 red teaming season. I’ve participated in the Collegiate Cyber Defense Competition as a red team volunteer since 2008. I love
New home for Cobalt Strike malleable c2 profiles and scripts
The Cobalt Strike references (malleable c2 profiles, scripts, Elevate Kit, etc.) have been consolidated under a new GitHub account. https://github.com/cobalt-strike We understand that many blog
New Mouse in the House: Zero-Point Security Training Joins the Fortra Family
For those who don’t know me, my name is Daniel Duggan, known online as RastaMouse. I spent over a decade working as a penetration tester
Obituary: Java Self-Signed Applet (Age: 1.7u51)
The Java Signed Applet Attack is a staple social engineering option. This attack presents the user with a signed Java Applet. If the user allows
Offense in Depth
I regularly receive emails along the lines of “I tried these actions and nothing worked. What am I doing wrong?” Hacking tools are not magical
One Shot, One Kill – An Intelligent Web Drive-by Exploit Server
One of my favorite features in Cobalt Strike is the system profiler. This web application digs deep into your browser to discover the client-side applications