Intrusion Operations

Red Team Training – BlackHat USA 2019

Learn About Advanced Red Teaming And Malware Customization

Have you ever struggled conducting a red team assessment against an organization with mature security programs? Or, maybe, your blue team encountered scenarios where an environment seemed appropriately protected… until it wasn’t. If you know exactly what we are talking about, then our BlackHat red team training…


A Call for Collaboration

If you didn’t make it to Wild West Hackin Fest 2018, be sure to bookmark their page for 2019 tickets. This event was loaded with elite talent, high-level training, quality speakers, and plenty of shenanigans. Notably, the keynote was given by Ed Skoudis, whose presentation titled “The Top Ten Reasons it’s GREAT to…


Base64 Encoding/Decoding with CLM

TLDR – Here’s the link:

Why Writing CLM-Compliant V2 Code?

Following in the footsteps of those I originally learned from (@mattifestation and @harmj0y), when I first began to learn PowerShell, I tried to force myself to only write PowerShell v2 code. Developing in version 2 ensured that I could use what I wrote on…


Building a Windows Defender Application Control Lab

Despite an abundance of “building your own lab” articles available online, there really is only one collection of articles that documents Windows Defender Application Control (Device Guard), hereafter referred to as WDAC: Matt Graeber’s Exploit Monday posts on the topic. I dove into playing with WDAC a year back while developing WMImplant, and I quickly realized that there is pretty limited…

Egress-Assess Malware Modules


GitHub Link – Steve Borosh (@424f424f) and I have been working on adding a new type of module into Egress-Assess for a month or two now. Currently, Egress-Assess lets you exfiltrate faux or real data over a variety of different protocols on both Linux and Windows systems. However, Steve had the idea to create malware…

Golden Tickets and External SIDs - Spread the Compromise


Note: Be sure to check out Sean Metcalf’s (@Pyrotek3) post about this technique available here!  He talked about this at BlackHat USA 2015! Benjamin Delpy (@gentilkiwi) recently tweeted about adding External SIDs into Mimikatz’s golden tickets which was quickly followed up by Skip Duckwall (@Passingthehash) also tweeting how devastating this addition can be to defenders.  Skip said it…
