Why Implicit Deny?
Implicit Deny was started by a like-minded group of information security professionals from a variety of backgrounds. After months of swapping war stories, hacks, mitigations, workarounds, and best practices, they realized they were all asking the same question: Why does Information Security seem so difficult?
Evading Filters with Traffic Tunnels
Tunnels are simple tools that can help you evade walls and filters. Consider a wall that selects traffic based on logical rules. If you can encapsulate your traffic in a way that agrees with the filtering rules, your traffic will pass inspection and flow through. Use...
InfoSec from Scratch, Part Two: Get with the Program (Structure)
Introduction This is the second post in our series on Information Security Management. In the first post of the series we discussed the importance of having upper level support for your information security program. In this post we will discuss the actual structure of...
Finding Diamonds in the Rough: Parsing for Pentesters
Parsing data is a fundamental ability that anyone serious about information security should consider putting time and effort into understanding. It can mean the difference between spamming Ctrl+F in a text editor and pulling out exactly what you need with a Bash...
User Creeping with WMI Events
Introduction and Intent Since watching FireEye FLARE’s 'WhyMI So Sexy?' at Derbycon last September, I have wanted to better understand WMI Events and apply them to offensive security operations. I saw the potential, but my comprehension was lacking and a comprehensive...
Pentesting the Hard Way, Part One: What is a Pentest?
Over the years, I have seen many penetration test reports that heavily rely on the results of a vulnerability scanner such as Nessus or Qualys. While vulnerability scans are a critical component of a functional security program and are often included in security...
Empire Post Exploitation – Unprivileged Agent to DA Walkthrough
Let's say you've successfully phished a client, and now have an Empire agent on a victim computer. Congratulations! Establishing an initial foothold on a network, with either a .hta link or an office macro (excellent write-up using this method by @enigma0x3), is one...
Cobalt Strike HTTP C2 Redirectors with Apache mod_rewrite
Imagine you are performing a Red Team engagement. So far it’s been very hard, fighting tooth and nail to get each step closer to totally owning their network. You finally get internal network access and things are stable. Everything looks good on your end, but on the...
Security for Everybody: Secure Your Browser
Take a moment to consider this question: What is the most important piece of software on your computer right now? Maybe you have some expensive industry-specific licensed juggernaut. Maybe you're a home user who just really likes Solitaire. But I would suggest that...
InfoSec from Scratch, Part One: Manage Your Management
This is the first post in a series designed to help information security professionals build an InfoSec program from scratch, or to help people find ways to improve their existing programs. Information security management is a daunting task, and understanding and...
Blue Teaming for Pacific Rim CCDC 2016
Blue Teaming for a CCDC event is a harrowing experience. You are thrown into an unknown environment with patchy documentation and some client machines with which to access servers, and the full knowledge that you’ve got mere hours before the much more experienced Red...
Rome Didn’t Fall in a Day: Building A Resilient Empire C2, Part Two
In Part One we went over the reasons for having a resilient C2 infrastructure, and what it should look like. In summary, we want to have two or more internet accessible servers to host the different stages and classes of our Command and Control (C2). A host to store...
Red Teaming for Pacific Rim CCDC 2016
Six weeks ago I had the opportunity to Red Team for Pacific Rim CCDC. I love doing this competition because it gives me a chance to do things one would never be allowed to do on a real network and it forces me to think about a different set of problems than a pentest or...
Rome Didn’t Fall in a Day: Building A Resilient Empire C2, Part One
In this two-part series, we will walk through building an infrastructure to host your command and control (C2). At the end of this series, you should have at least two servers ready for your engagement. One server will be a simple web server to host your stagers, and...
Expire Phishing Links with Apache RewriteMap
On more than a few occasions phishing recipients have forwarded my phish to IT. The first indication is usually when I’m watching the access logs like a hawk and see multiple GET requests with a user’s token, yet haven’t received any credentials or beacon sessions....
Cracking Domain Passwords from NTDS.dit with Metasploit and john
When I'm on an engagement, one of my favorite value-adds for a client is conducting an informal password audit. While most organizations have realized the importance of maintaining password standards, most overestimate how secure their users' passwords are when they...
Combatting Incident Responders with Apache mod_rewrite
Any phishing campaign involving an active incident response element usually requires some evasive steps to prolong its longevity. This often includes being stealthier, performing anti-forensics actions, or avoiding certain tradecraft altogether. Phishing is no...
Operating System Based Redirection with Apache mod_rewrite
At times you may find yourself testing an environment comprised of a fair mix of operating systems. Maybe the marketing department is half Windows and half Mac OS X. In these cases, it may not be feasible to determine users’ operating systems via a preliminary phish....
Getting Started with Powershell Empire
I decided to take some screenshots of Powershell Empire today while performing payload analysis. Below is a quick, down and dirty, walkthrough to get you going with Powershell Empire. Keep in mind I have only looked at the slideshow at this point. I really like the...
Invalid URI Redirection with Apache mod_rewrite
There have been times when a curious phish recipient or a zealous help desk staff member has loaded the phishing link in their browser and decided to take a peek at a higher directory or the root domain. Of course, most times there isn’t much else on the site to see. In those...
Social Media and You: A Risk Assessment Primer
With our ever-increasing reliance on the Internet for interpersonal relationships, it comes as no surprise that the use of social media has gained steam for professional relationships as well. Any new form of relationship-building tools, especially digital tools, are...