External/Internal

Author, External/Internal, Jordan Drysdale, Phishing, Red Team Burner Devices, Digital Ocean, Jordan Drysdale, non-attrib, privacy, Red Team, Tracfone

The Non-Attrib Starterpack!

Jordan Drysdale // Let’s start this post at Walmart. Yes, the visit may be attributable against the purchaser via security camera footage retrieved by warrant, so hand your wife/husband/confidant/whomever a […]

Read the entire post here

C2, External/Internal, General InfoSec Tips & Tricks, How-To, InfoSec 201, InfoSec 301, Red Team, Red Team Tools, Social Engineering C2, C2 Infrastructure, C2K, command and control, Digital Ocean

How to Build a Command & Control Infrastructure with Digital Ocean: C2K Revamped

Lee Kagan* // Expanding upon the previous post in this series, I decided to rewrite C2K (find it here) to change its behavior and options for the user. In this […]

Read the entire post here

Author, External/Internal, How-To, Jordan Drysdale, Web App Digital Ocean, Jordan Drysdale, Nessus, Vulnerability Scanning

How to Scan Millions of IPv4 Addresses for Vulnerabilities

Jordan Drysdale// Some days are not like others. Some days, you might get tasked with scanning a million IP addresses. Here’s how I did it: Let’s go through some finer […]

Read the entire post here

Author, Brian Fehrman, External/Internal, Red Team Application Whitelisting, escalated, penetration testing, Pentesting, privilege escalation, whitelisting, Windows, Windows Privilege Escalation

Digging Deeper into Vulnerable Windows Services

Brian Fehrman // Privilege escalation is a common goal for threat actors after they have compromised a system. Having elevated permissions can allow for tasks such as: extracting local password-hashes, […]

Read the entire post here

Author, David Fletcher, External/Internal, Red Team, Red Team Tools network traffic, Network Vulnerabilities, NetworkRecon.ps1, tools

How to Identify Network Vulnerabilities with NetworkRecon.ps1

David Fletcher //   Whenever I have the opportunity, I like to perform packet collection on a test for about five minutes so I can analyze the results and look […]

Read the entire post here

Author, External/Internal, Red Team, Red Team Tools, Sally Vandeven AD Explorer, DA, domain admin, Pentesting, Shodan

Domain Goodness – How I Learned to LOVE AD Explorer

Sally Vandeven // OR How to Pentest with AD Explorer! Mark Russinovich’s Sysinternals tools (Microsoft) are nothing new. They have been a favorite among system administrators for many, many years. […]

Read the entire post here

Author, External/Internal, Joff Thyer, Red Team, Red Team Tools Casey Smith, COM+ scriplets, DLL, subtee, Wevade, whitelisting

How to Evade Application Whitelisting Using REGSVR32

Joff Thyer // I was recently working on a Red Team for a customer that was very much up to date with their defenses. This customer had tight egress controls, […]

Read the entire post here

Author, Derek Banks, External/Internal, Red Team kerberoasting, Kerberos

A Toast to Kerberoast

Derek Banks // This post will walk through a technique to remotely run a Kerberoast attack over an established Meterpreter session to an Internet-based Ubuntu 16.04 C2 server and crack […]

Read the entire post here

Author, Brian Fehrman, External/Internal, Red Team All the Shellz, Debian, metasploit, meterpreter, Nmap, Pentesting, proxychains, Ubuntu

How to Use Nmap with Meterpreter

Brian Fehrman // You’ve sent your phishing ruse, the target has run the Meterpreter payload, and you have shell on their system. Now what? If you follow our blogs, you […]

Read the entire post here