Agentless Post Exploitation
Agentless Post Exploitation is using system administration capabilities to meet post-exploitation objectives, without an agent on the target. It’s just evil system administration. This talk
Agent Deployed: Core Impact and Cobalt Strike Interoperability
Core Impact 20.3 has shipped this week. With this release, we’re revealing patterns for interoperability between Core Impact and Cobalt Strike. In this post, I’ll
Adversary Simulation Becomes a Thing…
There is a growing chorus of folks talking about simulating targeted attacks from known adversaries as a valuable security service. The argument goes like this: penetration testers
Advanced Threat Tactics Training
I share a lot from my experiences playing on exercise red teams. I talk about the tactics to collaborate, persist on systems, and challenge network defenders
Advanced Threat Tactics – Course and Notes
The release of Cobalt Strike 3.0 also saw the release of Advanced Threat Tactics, a nine-part course on red team operations and adversary simulations. This
A Vision for Distributed Red Team Operations
Last year I gave a talk on Force Multipliers for Red Team Operations. In that talk, I elaborated on my search for capabilities that make
A Red Teamer Plays with JARM
I spent a little time looking into Saleforce’s JARM tool released in November. JARM is an active tool to probe the TLS/SSL stack of a listening
A Quick Guide to Bug Reports
One of the hardest parts of being a developer is working with bug reports and support requests disguised as bug reports. Some people write very
A loader for Metasploit’s Meterpreter
Recently, there was an interesting discussion on the metasploit-framework mailing list about the staging protocol for Meterpreter. egypt let loose with some wisdom about what
A History of Cobalt Strike in Training Courses
In 2011, I was invited to Austin, TX by the local ISSA and OWASP chapters to teach a class on Armitage and the Metasploit Framework.