Offensive IoT for Red Team Implants (Part 2)
This is Part Two of the blog series, Offensive IoT for Red Team Implants, so if you have not read PART ONE, I would encourage you do to so first […]
Red Team
Offensive IoT for Red Team Implants – Part 1
This is part one of a multipart blog series on researching a new generation of hardware implants and how using solutions from the world of IoT can unleash new capabilities. […]
Deploy an Active Directory Lab Within Minutes
Creating your own lab can sound like a daunting task. By the end of this blog post, you will be able to deploy your own Active Directory (AD) environment in […]
Red Teaming: A Story From the Trenches
This article originally featured in the very first issue of our PROMPT# zine — Choose Wisely. You can find that issue (and all the others) here: https://www.blackhillsinfosec.com/prompt-zine/ I remember a […]
How to Install and Perform Wi-Fi Attacks with Wifiphisher
tl;dr: Install Wifiphisher on Kali and run a basic attack. This crappy little copy/paste-able operation resulted in a functional Wifiphisher virtual environment on Kali (as of January 22, 2024). Two […]
The Human Element in Cybersecurity: Understanding Trust and Social Engineering
Human Trust Most people associated with information technology roles understand the application of technical controls like the use of firewalls, encryption, and security products for defenses against digital threats. Proper […]
Can’t Stop, Won’t Stop Hijacking (CSWSH) WebSockets
The WebSocket Protocol, standardized in 2011 with RFC 6455, enables full-duplex communication between clients and web servers over a single, persistent connection, resolving a longstanding limitation of HTTP that hindered […]
Wishing: Webhook Phishing in Teams
Quick Jump: In the constantly evolving landscape of cybersecurity, it is common to see features designed for convenience lead to negative cybersecurity consequences. Microsoft Teams, an essential tool for corporate […]
Initial Access Operations Part 2: Offensive DevOps
The Challenge As stated in PART 1 of this blog, the Windows endpoint defense technology stack in a mature organization represents a challenge for Red Teamer initial access operations. For […]