by bneg | May 31, 2016 | Tutorial - Red Team
In Part One we went over the reasons for having a resilient C2 infrastructure, and what it should look like. In summary, we want to have two or more internet accessible servers to host the different stages and classes of our Command and Control (C2). A host to store...
by bluescreenofjeff | May 24, 2016 | Tutorial - Red Team
Six weeks ago I had the opportunity to Red Team for Pacific Rim CCDC. I love doing this competition because it gives me a chance to do things one would never be allowed to do on a real network and it forces me to think about a different set of problems than a pentest or...
by bneg | May 17, 2016 | Tutorial - Red Team
In this two-part series, we will walk through building an infrastructure to host your command and control (C2). At the end of this series, you should have at least two servers ready for your engagement. One server will be a simple web server to host your stagers, and...
by bluescreenofjeff | May 10, 2016 | Tutorial - Red Team
On more than a few occasions phishing recipients have forwarded my phish to IT. The first indication is usually when I’m watching the access logs like a hawk and see multiple GET requests with a user’s token, yet haven’t received any credentials or beacon sessions....
by Tyler Butler | May 3, 2016 | Tutorial - Blue Team, Tutorial - Red Team
When I’m on an engagement, one of my favorite value-adds for a client is conducting an informal password audit. While most organizations have realized the importance of maintaining password standards, most overestimate how secure their users’ passwords are...
by bluescreenofjeff | Apr 26, 2016 | Tutorial - Red Team
Any phishing campaign involving an active incident response element usually requires some evasive steps to prolong its longevity. This often includes being stealthier, performing anti-forensics actions, or avoiding certain tradecraft altogether. Phishing is no...