Resources

For a long time, I’ve wanted the ability to use PowerUp, Veil PowerView, and PowerSploit with Cobalt Strike. These are useful post-exploitation capabilities written in

Cobalt Strike has always exposed the Metasploit Framework’s tool to generate executables. Unfortunately, these executables are caught by anti-virus products. I’ve had a lot of

Yesterday, one of my customers asked about x64 payloads in Cobalt Strike. Specifically, he wanted to know why Cobalt Strike doesn’t expose them. I’ve already

Several months ago, I was asked if I had a way to get past two-factor authentication on web applications. Criminals do it, but penetration testers

Just in time for this weekend’s North East Collegiate Cyber Defense Competition event, I have a fresh update to Armitage and Cobalt Strike. Here’s the

Joel Spolsky is one of my favorite writers on the topic of software development. He coined a 12-step Joel Test to determine if your company

Java is a popular vector for penetration testers and those who penetrate networks without an invitation. An attacker creates a website to host a Java

I’m very interested in supporting alternative remote administration tools in Cobalt Strike. Meterpreter is awesome as an active RAT, but I need something less chatty

Recently, there was an interesting discussion on the metasploit-framework mailing list about the staging protocol for Meterpreter. egypt let loose with some wisdom about what

Currently, I’m debating a class of social engineering “packages” to force SMB requests against an attacker controlled system. Ideas include packages to generate LNK files,