C2, How-To, Informational, Red Team, Red Team Tools .Net, Carrie Roberts, PowerShell, PowerShell Empire, Red Team, Windows 10, Windows Defender

Getting PowerShell Empire Past Windows Defender

Carrie Roberts //* (Updated 2/12/2020) ADVISORY: The techniques and tools referenced within this blog post may be outdated and do not apply to current situations. However, there is still potential […]

Read the entire post here

Author, Beau Bullock, Informational, InfoSec 101, John Strand, Webcasts Attacks, Beau Bullock, BHIS, Bitcoin, Blockchain, john strand

BHIS Webcast: Blockchain and You! InfoSec Edition

Take a good look at Bitcoin right now… these are the unlucky ones. These are the unfortunate souls who jumped on another overinflated balloon. But, does this Bitcoin crash completely […]

Read the entire post here

How-To, Password Spray, Recon, Red Team, Red Team Tools InSpy, password spraying, recon, recon tool, red team tools

I Spy with InSpy v3.0

Darin Roberts// Early in 2018 I wrote a blog about InSpy. InSpy is a great reconnaissance tool that gathers usernames from LinkedIn. My first blog can be found here. A […]

Read the entire post here

Author, Blue Team, How-To, Informational, InfoSec 101, Jordan Drysdale Blue Team, Defensive Strategies, Jordan Drysdale, Security Strategies, Small Business, Small Business Security

Small and Medium Business Security Strategies: Part 5

Jordan Drysdale// tl;dr Inventory management and personnel management are critical to making this work. Often, the difference between your company becoming a statistic and catching someone with a foothold in […]

Read the entire post here

Author, John Strand, Red Team, Webcasts anti-virus, carbonblack, endpoint security, how to bypass Anti Virus, pen-testing, penetration testing, Red Team, Sacred Cash Cow Tipping

Webcast: Sacred Cash Cow Tipping 2019

John Strand // Yet again it is time for another edition of Sacred Cash Cow Tipping! Or, “Why do these endpoint security bypass techniques still work? Why?” The goal of […]

Read the entire post here

How-To, Informational C2, command and control, PowerShell Empire, SSH, SSHazam

SSHazam: Hide Your C2 Inside of SSH

Carrie Roberts //* SSHazam is a method of running any C2 tool of your choice inside a standard SSH tunnel to avoid network detections. The examples here involve running PowerShell […]

Read the entire post here

Fun & Games, Informational, Social Engineering general infosec, informational, social engineering

Social Engineering in Japan

Kelsey Bellew//* It’s an occupational hazard to see vulnerabilities everywhere. When I see a router sitting in plain sight I think, “The default creds are probably printed on the back; […]

Read the entire post here

Author, Beau Bullock, Mike Felch, Red Team Tools, Webcasts Azure, Azure Active Directory, RDP, RDP logging Bypass, webcast

WEBCAST: RDP Logging Bypass and Azure Active Directory Recon

For this webcast we cover a couple of different topics. First, we talk about how to password spray in a non-attributable sort of way. Beau found a way to obfuscate […]

Read the entire post here

Author, Blue Team, Jordan Drysdale, Red Team BlueTeam, Cisco, External Pentest, internal pentest, Inventory, Jordan Drysdale, Nessus, RedTeam, SIET

Cisco Smart Install Escalation and Update!

Jordan Drysdale// tl;dr Both Cisco and Nessus have escalated the Smart Install Client Service feature/vulnerability. Nessus is now reporting the Smart Install RCE as critical. High five!!! Cisco has also […]

Read the entire post here