2020 OSCP Contest
Last year I decided to give away 3 vouchers to PWK 60 days of labs. This was of my own free will and under no umbrella. I wanted to give back to the community and industry that provided a means by which I can feed, clothe, and put a roof ... Read More
Family Mission Statement
I love this so much I wanted to keep it around. I googled to see if this was posted somewhere in text form but I couldn’t find it. Traditionally I haven’t been a fan of daily mantras, but I’m thinking about talking to my kids about repeating this one. From ... Read More
Run as SYSTEM using Evil-WinRM
This is a quick blog post on how to elevate to SYSTEM without the need for PSEXEC when you are using PowerShell, or more specifically in this case, PowerShell Remoting (WinRM). First off, let me introduce my tool of choice here. It’s Evil-WinRM. I spoke about it in the Practical ... Read More
The Four Phases of Offensive Security Teams
For brevity, I will be using the term “partner” to refer to the customer, Defensive Team, IT Team, or other direct consumers of the Offensive Team’s output. In my experience, offensive security teams, be they internal or external (consultants/contractors), the relationship they have with companies falls into one of four ... Read More
Let Me Out of Your Net – Egress Testing
Use-cases: IT Admin, Firewall Admin, or Security staff at a company and want to confirm what ports and protocols are allowed out of your network. Pentester that wants to identify ports and protocols that can be used for a pentest to gain C2 outbound. Purple Team testing ports and protocol detection ... Read More
Compiling a DLL using MinGW
Compiling a Windows DLL has always been a pain for me. Getting Visual Studio working is frustrating (or at least used to be, before VS2019). I ran into this same issue recently. I didn't have Visual Studio readily available because the VMs I had built for the task were left ... Read More
Get Process List with Command Line Arguments
One of the most useful things when doing post exploitation on Linux is grabbing a full process list. One of the reasons this is useful is because it includes the arguments passed to these processes. The arguments for a process can tell you where configs are, what passwords might have ... Read More

