Practical OAuth Abuse for Offensive Operations – Part 1

Background: OAuth is an open authorization standard that facilitates unrelated servers and services working together, allowing access to their assets without sharing the initial, related, single logon credential. I have been thinking of it as a kind of Kerberos for external services, without a shared domain or forest. A familiar instance would be authentication to…

The post Practical OAuth Abuse for Offensive Operations – Part 1 appeared first on TrustedSec.

Wanted: Process Command Lines

As a Red teamer, the key to not getting detected is to blend in. That means that if I need to spawn a new process on a host, it is important that it looks legitimate with command line parameters that look correct. Many system binaries have a set of parameters when they are executed. This…

The post Wanted: Process Command Lines appeared first on TrustedSec.

Red Team Engagement Guide: How an Organization Should React

A lengthy Red Team engagement is coming. What should the defense do if they catch the offense? Reimage systems? Notify and allow? What is the course of action that allows the engagement to proceed and deliver maximum value to the organization? These can be difficult questions to answer, but ones that companies procuring these tests…

The post Red Team Engagement Guide: How an Organization Should React appeared first on TrustedSec.

Discovering the Anti-Virus Signature and Bypassing It

In this post, I am going to go over how to find the specific Anti-Virus signature using manual testing and then show techniques that can be used to bypass it. I am a big fan of LOLBins, so we are going to focus on the binary Regsvr32, which is a known binary that can be…

The post Discovering the Anti-Virus Signature and Bypassing It appeared first on TrustedSec.
