Quick Note on PoshC2 In-Memory IOCs

Reading Time: 5 minutes

I’ve been looking at the public version of PoshC2 and how easy it can be to detect, yet it is still exceptionally successful at bypassing a significant number of so-called EDRs and AVs – even more so if the execution method is fairly good – GadgettoJS is still undetected by a lot of AV solutions. I should probably highlight I am absolutely not a malware analyst, but if I can find these obvious IOCs in two or so hours, hopefully…

Adopting the JSOC Communications Model for Incident Response

Reading Time: 9 minutes

TLDR: Consider adopting some of the JSOC communication rules for your organisation, and empower your highly skilled staff to communicate across the enterprise and make potentially disruptive decisions to prevent the situation worsening. Your organisation hired them for a reason, so trust them to make decisions without micromanagement. Your existing organisational processes are unlikely to be well suited to a fast-moving cyber incident unless you have an ongoing programme of real-world exercising and purple teaming and have worked through the friction…

Increasing Situational Awareness and Operational Safety Through C2 Proxy Log Analysis

Reading Time: 14 minutes

Note: If anyone knows of a better / simpler / more lightweight / more automation-friendly solution to this problem, please let me know @BaffledJimmy!

Why

Modern enterprises are complex beasts, with shadow IT, unruly configuration management and hybrid cloud deployments being business as usual. Throughout a red team engagement, it is difficult to maintain operational safety and security whilst also maximising your visibility of the target environment and ensuring that your phishes, weaponised artifacts and communications channels are appropriately…

Abusing Splunk Deployment Servers for Shells

Reading Time: 6 minutes

Large organisations are now including Splunk as part of their monitoring suite, but a significant number are not securing their installations properly. Organisations either use plaintext protocols for the web-based control panel, or do not activate the anti-brute-force protections within the Splunk user control panel. Splunk is also capable of using Active Directory based authentication, which may link into other administrative credential management such as CyberArk. I’m going to run through a demonstration of how one poorly configured…
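The two misconfigurations named in that teaser (Splunk Web over plain HTTP, and account lockout left off) both live in Splunk's .conf files. The fragment below is an added illustration, not configuration from the original post: it assumes the files sit under $SPLUNK_HOME/etc/system/local/, uses the setting names from current Splunk Enterprise web.conf.spec and authentication.conf.spec, and the certificate paths and lockout thresholds are example values to adapt.

```ini
# Added example, not part of the original post.
# Assumed location: $SPLUNK_HOME/etc/system/local/web.conf
# Weak form (Splunk Web on plaintext HTTP, the default port):
#   [settings]
#   enableSplunkWebSSL = false
#   httpport = 8000
# Corrected form:
[settings]
enableSplunkWebSSL = true
httpport = 8443
# Replace the self-signed certificate Splunk ships with (paths are assumptions)
serverCert = $SPLUNK_HOME/etc/auth/mycerts/splunkweb.pem
privKeyPath = $SPLUNK_HOME/etc/auth/mycerts/splunkweb-key.pem

# Assumed location: $SPLUNK_HOME/etc/system/local/authentication.conf
# Weak form: lockoutUsers = false lets an attacker brute-force the
# built-in admin account against the web login indefinitely.
# Corrected form (threshold values are example choices):
[splunk_auth]
lockoutUsers = true
# lock the account after 5 failures within a 5-minute window, for 30 minutes
lockoutAttempts = 5
lockoutThresholdMins = 5
lockoutMins = 30
minPasswordLength = 12
```

Restart splunkd (or use the Settings pages, which write the same stanzas) and confirm the change took by checking that port 8000 no longer answers and that repeated bad logins produce a lockout entry in $SPLUNK_HOME/var/log/splunk/splunkd.log. Where Splunk is tied to Active Directory or a vault such as CyberArk, the lockout policy of the directory applies to those accounts; the local [splunk_auth] settings still matter for the built-in admin user.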

Stealing Cisco VPN Certificates

Reading Time: 3 minutes

Many organisations make use of the Cisco ASA series of devices to provide their users with VPN connectivity. Usually it is configured through an ASA management application, and users connect using the Cisco AnyConnect VPN Client. There are myriad ways to provide authentication, with Google Authenticator, machine certificates and Active Directory integration being the most common. Organisations often then direct their users to a URL such as https://vpn.organisation.com which will prompt them to download the latest version of…

Backdooring Ansible Playbooks for Persistence

Reading Time: 5 minutes

I have a thing for abusing sysadmin tools and trying to live off the land as much as possible. This post discusses the possibility of a management host being compromised, and an entire estate being affected very quickly. Less ethical people could even create an Ansible playbook to start crypto mining or similar, but this post will focus on pentest persistence through various methods. This post actually grew out of the work I was doing to automate C2 infrastructure using Terraform…

Firebrand Training Review – CISSP

Reading Time: 6 minutes

I recently attended the 7 Day Boot Camp from Firebrand UK. Over here, Firebrand have a reputation for being quite pricey, which puts a lot of budget managers off when they see the headline figure. However, you get what you pay for and I would recommend them for your organisation’s training. They also do a Firebrand Passport which can give you pretty large discounts when you buy blocks of training upfront – ideal for larger organisations or those with a…

The PenTester Hotel Workout

Reading Time: < 1 minute

We tend to spend a lot of time stuck in hotel rooms or data centres, hunched over a computer. Coupled with a swanky expenses policy, this can mean a rapidly expanding waistline and poor cardiovascular health. Plenty of research exists to suggest that this is a ‘BAD THING’. This quick workout is something that you can adapt and add to as you get fitter or more robust. You don’t need anything apart from time to complete this workout, however if you…

Necromancer Walkthrough

Reading Time: 12 minutes

Next on the list of walkthroughs to be transcribed to my new domain is Necromancer. This is a good multi-layered CTF which taught me a lot when I did it back in mid-2016. What things appear to be can often be a trick! Rather than simply copy my previous writeup, I decided to re-root the box afresh as I couldn’t remember anything. It was pretty heartening to see my improved methodology and TTPs work well.

Moving Logs & Enabling SSH on ESXi 6

Reading Time: 2 minutes

I’ve recently decided to migrate my home lab from VirtualBox on Xubuntu onto ESXi 6.0, to try and speed things up slightly. Due to the slightly ancient MicroServer I am running (N54L with 16GB RAM and tweaked BIOS) there is no way to get decent RAID running without adding in a replacement RAID controller. Lots of people decide to plump for the P410, and they can be found pretty cheap on eBay. This quick article is primarily to serve as…
