Blog
I get a lot of questions about spear phishing. There’s a common myth that it’s easy to phish. Start a local mail server and have your hacking
Email Delivery – What Pen Testers Should Know
Blog
Clients (like Armitage) interface with the Metasploit Framework through its Remote API. The Remote API is a way for clients to call functions in the
Blog
In 2011, I participated in an exercise. The exercise ran for 60 hours straight, forcing the red team to work in shifts. The event was
Blog
The 2013 National CCDC season ended in April 2013. One topic that I’ve sat on since this year’s CCDC season ended is feedback. Providing meaningful and
Blog
Last weekend, I was enjoying the HackMiami conference in beautiful Miami Beach, FL. On Sunday, they hosted several hacking challenges in their CTF room. One
Blog
Before developing Cobalt Strike, I conducted interviews with several penetration testing practitioners. I wanted to dig into their process, the tools they used, the gaps
Blog
Saturday, 6:30pm ended my 2013 red teaming season. I’ve participated in the Collegiate Cyber Defense Competition as a red team volunteer since 2008. I love
Blog
Western Regional CCDC was pretty epic. Given the level of interest in red activity, I’d like to share what I can. So much happened, I
Blog
Last year I gave a talk on Force Multipliers for Red Team Operations. In that talk, I elaborated on my search for capabilities that make
Blog
In June 2012, I released Cobalt Strike, a commercial penetration testing package that picks up where Armitage leaves off. Cobalt Strike is a direct expression of what I