With clients increasingly relying on cloud services from Azure, one of the technologies that has been my radar for a while is Azure AD. For those who have not had the opportunity to work with this, the concept is simple, by extending authentication beyond on-prem Active Directory, users can authenticate with their AD credentials against Microsoft services such as Azure, Office365, Sharepoint, and hundreds of third... Read More »
In Cobalt Strike 3.13, the argue command was introduced as a way of taking advantage of argument spoofing. I was first made aware of the concept while watching Will Burgess's awesome talk RedTeaming in the EDR Age, with Will crediting Casey Smith who presented the idea during a series of tweets. As with anything introduced to Cobalt Strike which has the chance to improve operational security, I wanted to dig into the concept further to see just how... Read More »
I’m not actually sure when the abstraction of Blockchain started or when it became such a marketing buzzword, but with so many things claiming to be “Powered by The Blockchain”, I wanted to dig into the technology to understand if there was any benefit to be had by an aggressor.... Read More »
In this post I wanted to look at a technique which is by no means new to .NET developers, but may prove useful to redteamers crafting their tools... exporting .NET static methods within a DLL... AKA using RunDLL32 to launch your .NET assembly.... Read More »
Sometimes when you are in the middle of an engagement, you will come across a hurdle which requires a quick bit of research, coding, and a little bit of luck. This was the case with a recent engagement in which we came across Cisco AMP, an endpoint protection technology which provides analysis of processes, provides spawn chains, and exposed a bunch of the other goodies you have come to expect from EDR products, including our old friend…. self-protection. We’ve explored self-protection t... Read More »