Why is notepad.exe connecting to the internet?
To the observant network defender, notepad.exe connecting to the internet is a key indicator of compromise. In this blog post, I’d like to explain why

Why is rundll32.exe connecting to the internet?
Previously, I wrote a blog post to answer the question: why is notepad.exe connecting to the internet? This post was written in response to a generation

Windows Access Tokens and Alternate Credentials
I’d like to call your attention to the humble runas.exe program on Windows. This program allows a Windows user to spawn another program with another

WinRM is my Remote Access Tool
One of my favorite blog posts last year was Adversary Tricks and Treats from CrowdStrike. In this post, CrowdStrike details the tradecraft of an actor

WRCCDC – A Red Team Member’s Perspective
Western Regional CCDC was pretty epic. Given the level of interest in red activity, I’d like to share what I can. So much happened, I

Writing Beacon Object Files: Flexible, Stealthy, and Compatible
Our colleagues over at Core Security have been doing great things with Cobalt Strike, making use of it in their own engagements. They wrote up