Collaborate Disseminate
We use several threat intelligence tools at my work which alerts us of breach data AND shows us the plaintext contents of these breaches. However, when I investigate the source the breaches are almost always for sale by hackers. The ones t… Continue reading How do threat intelligence researchers acquire breach data without breaking the law? [closed]
Currently running a vulnerability assessment. However, the IP I was provided is a load balancer and the client only wants to test one of the sites running on the load balancer. The vulnerabilities I have found are all PHP related. How can … Continue reading Is there any quick or automated to way to check the version of PHP running on a remote server?
Trying to configure a download of MISP IoCs in Splunk ES, under Intelligence Downloads. It’s working for IPs but I can’t figure out how to tell Splunk that the feed contains more than just IPs, for example domains and hashes. From the docu… Continue reading In Splunk Enterprise Security Intelligence Downloads portion, what exactly does the "Fields" portion mean?
I have a MISP server set up. I then use a REST API endpoint to get a STIX feed from that server. This portion appears to be working fine. I then try to add that STIX feed to LogRhythms Threat Intelligence Service manager. It tells me that … Continue reading How can I add a MISP STIX feed to LogRhythm?
I am running an instance of Cobalt Strike. I navigate to the Payload Generator and select Java as the output. This generates a .java file which upon reading contains what looks like a byte array assigned to a variable and nothing else. For… Continue reading Trying to learn Cobalt Strike, and do not understand how to execute the Java payloads
For example when a command asks the user for input via [y/n] how can I input data in there via the interactive shell?
Continue reading How can I interact with prompts through Cobalt Strike?
If I try to run apt-get install bloodhound (as per several official instructions) on Kali, it is unable to locate the package. This is true for both the main and experimental repos. Was it removed? If so, why?
Continue reading Was BloodHound removed from Kali’s repositories? Why? [closed]
We are trying to implement a system of honeypots at a relatively large organization. What we are having trouble with is how many sensors or VMs need to be deployed. For example, given a network of 1000 endpoints does only 1 honeypot need t… Continue reading Appropriate network coverage for Honeypots
Our team was hired for a red team engagement for a client. A part of the engagement is attempting to crack the WiFi passwords of their office APs. However, we obviously want to stay undetected. What kind of thing should we watch out for? A… Continue reading How can wireless password cracking be detected?
One of our phishing scenarios during a pentest went like this: we send an email saying something along the lines of “As per the manager (CCd) please download the latest software included”. Then we attach the manager as CCd in… Continue reading Is there any tool or method to detect spoofed CCs?