Intrusion Operations

Red Team Training – BlackHat USA 2019

Learn About Advanced Red Teaming And Malware Customization

Have you ever struggled conducting a red team assessment against an organization with mature security programs? Or, maybe, your blue team encountered scenarios where an environment seemed appropriately protected… until it wasn’t. If you know exactly what we are talking about, then our BlackHat red team training…

Read more

A Call for Collaboration

If you didn’t make it to Wild West Hackin Fest 2018, be sure to bookmark their page for 2019 tickets. This event was loaded with elite talent, high level training, quality speakers, and plenty of shenanigans. Notably, the keynote was given by Ed Skoudis, whose presentation titled “The Top Ten Reasons it’s GREAT to…

Read more

Veil Payloads and Veil-Ordnance

I made certain assumptions regarding Veil-Evasion’s payload naming scheme, and how Veil-Ordnance works, only to discover that understanding these tool variations is not as intuitive as I thought. This post aims to help provide more clarity regarding Veil-Evasion and Veil-Ordnance. Veil-Evasion has different payloads which are organized by different attributes. The best way to think…

Read more

Building a Windows Defender Application Control Lab

Despite an abundance of “building your own lab” articles available online, there really is only one collection of articles that documents Windows Defender Application Control (Device Guard), hereafter referred to as WDAC: Matt Graeber’s Exploit Monday posts on the topic. I dove into playing with WDAC a year back while developing WMImplant, and I quickly realized that there is pretty limited…

Read more

Egress-Assess Malware Modules

Github Link – Steve Borosh (@424f424f) and I have been working on adding a new type of module into Egress-Assess for a month or two now. Currently, Egress-Assess lets you exfiltrate faux or real data over a variety of different protocols on both Linux and Windows systems. However, Steve had the idea to create malware…

Read more

Golden Tickets and External SIDs – Spread the Compromise

Note: Be sure to check out Sean Metcalf’s (@Pyrotek3) post about this technique available here! He talked about this at BlackHat USA 2015! Benjamin Delpy (@gentilkiwi) recently tweeted about adding External SIDs into Mimikatz’s golden tickets, which was quickly followed up by Skip Duckwall (@Passingthehash) also tweeting how devastating this addition can be to defenders. Skip said it…

Read more