Red Team
Ghostwriter v4.3: SSO, JSON Fields, and Reporting with BloodHound
Christopher Maddalena | | Cybersecurity, Information Security, Penetration Testing, Red Team, Report
Ghostwriter v4.3 is available now, and it enhances features introduced in previous versions of v4 in some exciting ways! In particular, this article will dive into how you can integrate a tool ...
The HTML, CSS and Javascript Trojan Horse — Smuggling Malware through Web Resources
Engineering @ SquareX | | Cybersecurity, enterprise security, Malware Analysis, Red Team, Secure Web Gateway
The HTML, CSS and Javascript Trojan Horse — Smuggling Malware through Web Resources‘Last Mile Reassembly Attacks’ evade every Secure Web Gateway in the market and deliver known malware to the endpointAt DEF CON 32, SquareX ...
A Picture is Worth a Thousand Threats: Using Steganography to Deliver Malware Past Secure Web…
Engineering @ SquareX | | Cybersecurity, enterprise security, Malware Analysis, Red Team, Secure Web Gateway
A Picture is Worth a Thousand Threats: Using Steganography to Deliver Malware Past Secure Web Gateways‘Last Mile Reassembly Attacks’ evade every Secure Web Gateway in the market and deliver known malware to the endpointAt ...
WebAssembly: The Fly on the Wall Delivering Malware Past Secure Web Gateways
Engineering @ SquareX | | Cybersecurity, enterprise security, Malware Analysis, Red Team, Secure Web Gateway
‘Last Mile Reassembly Attacks’ evade every Secure Web Gateway in the market and deliver known malware to the endpointAt DEF CON 32, SquareX presented groundbreaking research curating vulnerabilities in Secure Web Gateways (SWGs) ...
Life at SpecterOps: The Red Team Dream
TL;DRWe are hiring consultants at various levels. The job posting can be found under the Consultant opening here: https://specterops.io/careers/#careersIntroductionHey there! I’m Duane Michael, a Managing Consultant and red teamer at SpecterOps. Over ...
Teach a Man to Phish
PHISHING SCHOOLA Decade of Distilled Phishing WisdomI decided to give away all of my phishing secrets for free. I realized at some point that I have been giving away phishing secrets for years, ...
Sleeping With the Phishes
PHISHING SCHOOLHiding C2 With Stealthy Callback ChannelsWrite a custom command and control (C2) implant — Check ✅Test it on your system — Check ✅Test it in a lab against your client’s endpoint detection and response (EDR) product — Check ✅Convince a target ...
How Hackers Steal Your RFID Cards
[email protected] | | Blog, Cybersecurity, Red Team, RFID, Security Awareness & Education, Technical, Threat & Attack Simulation, Vulnerability Management & Penetration Testing
Radio Frequency Identification (RFID) cards are ubiquitously used to authenticate using a physical token. This technology is often embedded in […] ...
Relay Your Heart Away: An OPSEC-Conscious Approach to 445 Takeover
Even within organizations that have achieved a mature security posture, targeted NTLM relay attacks are still incredibly effective after all these years of abuse. Leveraging several of these NTLM relay primitives, specifically ...
Deep Sea Phishing Pt. 2
PHISHING SCHOOLMaking Your Malware Look Legit to Bypasses EDRI wanted to write this blog about several good techniques for endpoint detection and response (EDR) evasion; however, as I was writing about how to ...