- One Time Phishing Links With Caddy & AWS SES
Caddy has long caught my attention as a much nicer alternative to Apache or Nginx which has been widely used by red teams over the years. As a bit of a project to learn more about Caddy and GoPhish, I … Continue reading One Time Phishing Links With Caddy & AWS SES - Offensive SCCM Summary
This article aims to summarise the currently available tooling (August 2023), as well as the attack vectors which are present. My previous article covers the basics of SCCM and how to configure an SCCM lab from scratch. In summary, I … Continue reading Offensive SCCM Summary - BloodHound & Cypher Language
A look at the more complex features of BloodHound’s Cypher query language, with several examples of how it can be used to audit an environment. - BloodHound Basics
A quick primer on the basics of BloodHound, the well-known Active Directory auditing tool - Attacking Password Managers: LastPass
A look into how browser based password managers such as LastPass can be attacked via various methods. - RedTeamNotes: Combining Notes & Graphs!
A quick look at a notetaking application I build whilst doing CRTO as a means of representing my notes in a directed graph to aid with red teaming - Digging Into Mimikatz’s lsadump And sekurlsa
Mimikatz is a tool which has always surprised me with how many functions and features it has. In this post I dig into the lsadump and sekurlsa functions to see what all of the modules do. - OffSecOps: Using Jenkins For Red Team Tooling
A quick look at how Jenkins can be used to automatically build payloads and tooling, based on the OffSecOps talk by Harmj0y.