Red Team

Author, John Strand, Red Team, Red Team Tools, Webcasts Man-in-the-Middle, MITM

Webcast Recording: Man in the Middle Attacks

In this webcast we walked through the current super cool crop of MITM tools. We looked at Bettercap, MITMf and discussed LLMNR and WPAD poisoning attacks.  Also, this was a new […]

Read the entire post here

Author, Beau Bullock, Red Team, Red Team Tools Beau Bullock, build your own, hardware hacking, pen-testing, red teaming

How to Build Your Own Penetration Testing Drop Box

Beau Bullock // TL;DR I compared three single-board computers (SBC) against each other with a specific goal of finding which one would serve best as a “penetration testing dropbox”, and […]

Read the entire post here

C2, Red Team building, C2, http 404, network traffic

How to Build a 404 page not found C2

A Guest blog by Matthew Pawelski // A C2, or command-and-control, is used by attackers to control compromised systems. Most of these C2s are in control of large botnets, yet […]

Read the entire post here

Red Team 64-bit, anti-virus, AV, meterpreter, meterpreter vs. antivirus

Three Simple Disguises for Evading Antivirus

Logan Lembke // Antivirus has been a key component in defending computer systems since the 1990s. Over the years, antivirus began to dominate the discussion of PC security with other […]

Read the entire post here

External/Internal, Red Team 2 factor authentication, 2FA, fun fun fun, MFA, Microsoft, Microsoft Web App Portal, password spraying, passwords

Question:  What Can I Learn from Password Spraying a 2FA Microsoft Web App Portal?

Carrie Roberts // Answer: Enough to make it worth it! Penetration testers love to perform password spraying attacks against publicly available email portals as described here in this great post by Beau Bullock. […]

Read the entire post here

Author, David Fletcher, External/Internal, Red Team Juniper, SSL, SSL VPN concentrator, VPN

Juniper Two Factor VPN & Linux

David Fletcher // On a recent internal penetration test engagement, I was faced with using a Juniper VPN to access the target network. One small problem, Juniper does not formally […]

Read the entire post here

Author, Blue Team, Blue Team Tools, Ethan Robish, Red Team, Red Team Tools Linux, ssh config files, SSH configs

SSH Config Files

Ethan Robish // Here’s a short intro for anyone not familiar with ssh config files, which are usually located at ~/.ssh/config As an example, you have ssh running on port […]

Read the entire post here

Author, Brian King, InfoSec 101, Red Team kitchen remodel, pen-testing, penetration testing, pentest, Pentesting, Red Team, red team your life, red teaming

Book Review: “Red Team – How to Succeed by Thinking Like the Enemy”

Brian B. King // Red Teaming is one of those terms popping up all over the place lately, and it seems to mean different things to different people. Is it […]

Read the entire post here

Author, Brian Fehrman, External/Internal, Password Spray, Red Team domain admin, local admin testing, password, password spraying

Wide-Spread Local Admin Testing

Brian Fehrman // In our experience, we see many Windows environments in which the local Administrator password is the same for many machines. We refer to this as Wide-Spread Local […]

Read the entire post here