Blog
Sometimes, it’s easy to get code execution in a network, but very difficult to egress out of it. When you are an external actor trying
Evade Egress Restrictions with Staged Payloads
Blog
One of my favorite Metasploit Framework modules is psh_web_delivery. You can find it in exploits -> windows -> misc. This module starts a local web
Blog
I have a philosophy. Armitage should make common actions simple and efficient. As soon as you need to break away into an uncommon action, use
Blog
A few days ago, I posted the YouTube playlist on Twitter and it’s made a few rounds. That’s great. This blog post properly introduces the
Blog
The reason I’m in security today is because of the US Air Force’s Advanced Course in Engineering Cyber Security internship program. I turned down an internship at
Blog
I get a lot of questions about spear phishing. There’s a common myth that it’s easy to phish. Start a local mail server and have your hacking
Blog
Several months ago, I was asked if I had a way to get past two-factor authentication on web applications. Criminals do it, but penetration testers
Blog
Clients (like Armitage) interface with the Metasploit Framework through its Remote API. The Remote API is a way for clients to call functions in the
Blog
Beacon is a payload in Cobalt Strike that has a lot of communication flexibility. This blog post is not a replacement for the documentation, but rather
Blog
Cobalt Strike’s Java Applet attacks inject shellcode into memory. Injecting into memory is valuable as it helps get past application whitelisting and can help evade