Author

Author, Jordan Drysdale, Kent Ickler, Red Team, Red Team Tools Kon-Boot, thumb drive fun

Super Sweet Kon-Boot Demo in GIFs

Jordan Drysdale, victim // Kent Ickler, adversary // In this post, our victim locks their computer and heads out for a coffee refill. The adversary smashes through all system and […]

Read the entire post here

Author, Beau Bullock, Recon, Red Team, Red Team Tools HostRecon, PowerShell, Situational Awareness, tool

HostRecon: A Situational Awareness Tool

Beau Bullock // Overview HostRecon is a tool I wrote in PowerShell to assist with quickly enumerating a number of items that I would typically check after gaining access to […]

Read the entire post here

Author, C2, InfoSec 201, John Strand, Red Team anti-virus, AV, Cylance, industry trends

Bypassing Cylance: Part 5 – Looking Forward

John Strand// We just finished up a walk through of how we bypassed Cylance in a previous engagement. To conclude this exciting week, I want to share a few comments […]

Read the entire post here

Author, C2, David Fletcher, Red Team anti-virus, AV, bypassing AV, Cylance, Cylance Bypass, metasploit meterpreter, PowerShell, PowerShell Empire Agent

Bypassing Cylance: Part 4 – Metasploit Meterpreter & PowerShell Empire Agent

David Fletcher // The following techniques serve to illustrate methods for obtaining C2 communication in a particular Cylance protected environment.  The configuration of the centralized infrastructure and the endpoint agents […]

Read the entire post here

Author, C2, David Fletcher, Red Team anti-virus, AV, AV bypass, bypassing AV, bypassing Cylance, Cylance, Ncat, netcat, Nishang, Nishang ICMP C2 Channel

Bypassing Cylance: Part 3 – Netcat & Nishang ICMP C2 Channel

David Fletcher // The following techniques serve to illustrate methods for obtaining C2 communication in a particular Cylance protected environment.  The configuration of the centralized infrastructure and the endpoint agents […]

Read the entire post here

Author, C2, David Fletcher, Red Team anti-virus, AV, AV bypass, Cylance, Cylance Bypass, dnscat2, Pentesting

Bypassing Cylance: Part 2 – Using DNSCat2

David Fletcher // The following techniques serve to illustrate methods for obtaining C2 communication in a particular Cylance protected environment.  The configuration of the centralized infrastructure and the endpoint agents […]

Read the entire post here

Author, C2, David Fletcher, Red Team anti-virus, AV, bypassing AV, bypassing Cylance, Cylance, VSAgent.exe

Bypassing Cylance: Part 1 – Using VSAgent.exe

David Fletcher // Recently, we had the opportunity to test a production Cylance environment. Obviously, each environment is going to be different and the efficacy of security controls relies largely […]

Read the entire post here

Author, InfoSec 201, John Strand, Webcasts blue teaming, cyber insurance, industry standards, infosec, insurance, making effective change, motivation posters, ransomware, red teaming

WEBCAST: Insurance & Ransomeware

John Strand // It’s odd, we try to push security forward through standards like NIST, the Critical Controls, and PCI, but most organizations strive to meet the bare minimum required […]

Read the entire post here

Author, Jordan Drysdale, Red Team, Red Team Tools all the payloads, bash bunny, Hak5, usb, usb exfiltrator, windows XP

How to Get USB_Exfiltration Payload Using the Bash Bunny

Jordan Drysdale // This is a super quick write-up on the first very useful payload we tested and confirmed as 100% reliable on all Windows systems (XP-SP3+) with PowerShell enabled. […]

Read the entire post here