Nemesis 1.0.0
In August of last year, @tifkin_, @0xdab0, and I released Nemesis, our offensive data enrichment platform. After lots of feedback, operational testing, hundreds of commits, and another solid dev cycle, we’re proud to finally announce Nemesis’ 1.0.0 release. This post will detail several of the major changes we’re excited about, ...
Summoning RAGnarok With Your Nemesis
I hope I’m Not Too Late
With the explosion of large language model (LLM) use, everyone is rushing to apply LLMs to their specific industry and it’s the same for information security. While LLMs have a huge range of applications in the security domain, we’re going to focus on one specific use ...
Hacking With Your Nemesis
In the first post in this series, On (Structured) Data, we talked about the gap area of offensive structured data and ended with the question, “If all of our offensive tools produced and worked with structured data, what would be possible?” The second post, Challenges In Post-Exploitation Workflows, covered several ...
Challenges In Post-Exploitation Workflows
In our previous post, we talked about the problem of structured data in the post-exploitation community. We touched on the existing relationship between our tools and data and covered some of the domain-specific challenges that come with offensive data collection. We ended with the question “If all of our offensive ...
On (Structured) Data
Introduction
The offensive security industry is a curious one. On the one hand, we are ahead in various trends (or “thought leadership,” as some would have us term it) and are used to literally “moving fast and breaking things.” On the other hand, we’re far behind similar disciplines. One major area ...
Certificates and Pwnage and Patches, Oh My!
This post was written by Will Schroeder and Lee Christensen. A lot has happened since we released the “Certified Pre-Owned” blog post and whitepaper in June of last year. While the paper details a LOT of tradecraft ranging from credential theft to domain persistence, the part that caught most people’s attention ...
Koh: The Token Stealer
Years ago I was chatting with a few experienced red teamers and one was lamenting token abuse. Specifically, they wanted to be able to automatically “harvest” tokens on a host as people connected, keeping the tokens usable for operators even after the associated account logged off. I knew very little ...
DeepPass — Finding Passwords With Deep Learning
One of the routine tasks operators regularly encounter on most engagements is data mining. While exactly what operators are after varies from environment to environment, there is one common target that everyone’s always interested in: passwords. After diving into machine learning from an adversarial perspective I started to ...
Learning Machine Learning Part 3: Attacking Black Box Models
In the first post in this series we covered a brief background on machine learning, the Revoke-Obfuscation approach for detecting obfuscated PowerShell scripts, and my efforts to improve the dataset and models for detecting obfuscated PowerShell. We ended up with three models: a L2 (Ridge) regularized Logistic Regression, a LightGBM ...
Learning Machine Learning Part 2: Attacking White Box Models
In the previous post, I went through a very brief overview of some machine learning concepts, talked about the Revoke-Obfuscation project, and detailed my efforts at improving the dataset and models for detecting obfuscated PowerShell scripts. That resulted in three separate tuned models for obfuscated PowerShell script detection: a Logistic ...