-
Simulating Scattered Spider
Recently, Scattered Spider (G1015) have been gathering attention for a range of attacks against UK retail, namely attacks against Marks and Spencer, Harrods and Co-Op. These have led to extensive service disruption, with some firms being able to limit the impacts caused more than others. This…
-
UK Legal Considerations For Red Teamers
Strap in for a thrilling ride of legal terms and jargon! Legal stuff is certainly not the reason most red teamers perform assessments, but it is a vital part of the role. I’ve wanted to learn more about the actual legal requirements behind why we do certain…
-
CBEST Testing Approach Summarised
Overview The CBEST process is the regulated approach taken to the routine testing of financial institutions with a suitable presence within the UK. It is now a mature process which makes it a useful guide for basing non-regulated red teaming operations on. For example, aligning any…
-
One Time Phishing Links With Caddy & AWS SES
Caddy has long caught my attention as a much nicer alternative to Apache or Nginx, which have been widely used by red teams over the years. As a bit of a project to learn more about Caddy and GoPhish, I wanted to try and combine the…
-
Deez WORDS – An Intro To C++
When I first started learning C++, I found a lot of the terms hard to pick up after using C# and Python for so long. Given some of the conventions are not all that visible, I figured it would be handy to pull them together into…
-
Grow Your Own SCCM Lab!
The offensive usage of SCCM has become a big topic in recent months and years. In this article, I will cover the basics of SCCM and how to configure an SCCM lab from scratch. I also have another article which shows the currently known attack vectors…
-
Offensive SCCM Summary
This article aims to summarise the currently available tooling (August 2023), as well as the attack vectors which are present. My previous article covers the basics of SCCM and how to configure an SCCM lab from scratch. In summary, I believe the SCCM attack surface is…
-
BloodHound & Cypher Language
A look at the more complex features of BloodHound’s Cypher query language, with several examples of how it can be used to audit an environment.
-
BloodHound Basics
A quick primer on the basics of BloodHound, the well-known Active Directory auditing tool
-
Diagrams: Timelines
Ever wanted to make better diagrams and timelines for your red team reports? I will cover some ideas on how to better structure them.
-
Attacking Password Managers: KeePass
A look into how client based password managers such as KeePass can be attacked via various methods.
-
Shodan 201: Rummaging Around The Internet
Some tips and tricks for how to use Shodan and its powerful filters to accurately query the internet!
-
Hack The Boo
Hack The Boo was a Halloween themed CTF from Hack The Box. I could only dedicate a few hours to this, but still managed to solve 3 machines. Below is a quick writeup on the machines I did: Evaluation Deck First off, I downloaded the supplied…
-
RedTeamNotes: Combining Notes & Graphs!
A quick look at a note-taking application I built whilst doing CRTO as a means of representing my notes in a directed graph to aid with red teaming.
-
SharpRDPHijack: RDP Session Hijacking
A look at RDP session hijacking using SharpRDPHijack, Mimikatz and TSCon. This technique allows us to interact with disconnected RDP sessions.
-
Digging Into Mimikatz’s lsadump And sekurlsa
Mimikatz is a tool which has always surprised me with how many functions and features it has. In this post I dig into the lsadump and sekurlsa functions to see what all of the modules do.
-
OffSecOps: Using Jenkins For Red Team Tooling
A quick look at how Jenkins can be used to automatically build payloads and tooling, based on the OffSecOps talk by Harmj0y.
-
Certified Red Team Operator (CRTO) Review
A review of the Certified Red Team Operator (CRTO) exam by RastaMouse
-
HackTheBox ScriptKiddie Walkthrough
ScriptKiddie was an Easy rated Linux machine, which involved exploiting a vulnerability within Metasploit, then gaining access to the pwn user and abusing a sudo misconfiguration. Getting A Shell Reconnaissance Initial Nmap scans showed a very simple box, with just SSH and port 5000 open. I…
-
My OSCP Exam Experience & Tips
Here is a write-up of my OSCP exam experience – from studying through to passing the exam. Overall, it was a worthwhile experience and I would recommend it to anyone interested in infosec! TL;DR Practise! IMO, the OSCP exam manual is too large and not…