Inside the NSA’s CDX, a high-tech competition pitting cadets against elite attackers

Professional hackers from the NSA, U.S. Cyber Command and foreign militaries are launching a barrage of simulated cyberattacks this week as part of a training exercise to help teach students at the service academies for the Navy, Army, Coast Guard, U.S. Merchant Marine and Canadian Royal Military how to better defend sensitive computer networks. The annual NSA-led event, named the Cybersecurity Defense Exercise, or CDX, brings together rising talent with seasoned cyber-warriors in a simulated war games environment, where the undergraduates must monitor, identify and ultimately defend against a wide array of remote computer intrusions. The intrusions themselves are engineered with open-source, commercially available exploits and other hacking tools. “We don’t use anything homegrown,” said CDX Technical Lead James Titcomb, a full-time NSA employee in the spy agency’s information assurance directorate. “We don’t hit them with anything on the level of a nation-state,” Titcomb said. “The idea is that they should […]

The post Inside the NSA’s CDX, a high-tech competition pitting cadets against elite attackers appeared first on Cyberscoop.


Agentless Post Exploitation

Agentless Post Exploitation is using system administration capabilities to meet post-exploitation objectives, without an agent on the target. It’s just evil system administration. This talk is a survey of agentless post-exploitation techniques. It covers how to execute commands, upload and download files, harvest credential material, exploit users, and pivot. Enjoy!

Tactical exploitation with WarBerry Pi

WarBerry Pi was built for red team engagements where it’s essential to obtain as much information as possible in a short period of time, while going undetected. All you need to do is find a network port and plug it in. WarBerry Pi has the capability to remain silent and observe what is happening on the network by sniffing IPs, MAC addresses and hostnames. It creates a profile that fits what’s normal for the organization, …

Looking for trouble: How predictive analytics is transforming cybersecurity

Leading organizations recognize that stringent cybersecurity processes and strong infrastructure, while essential, are not enough to eliminate today’s disparate and ubiquitous threats. So they aim to use predictive analytics to identify and stop potential threats before they can wreak havoc. Some approaches that organizations are taking to root out potential threats include automated scanning of Internet chatter; development of predictive models through analysis of hacks and breaches; and systematic, continuous probing of their own defenses. …

HOWTO: Port Forwards through a SOCKS proxy

Recently, I’ve had multiple people ask about port forwards with Cobalt Strike’s Beacon payload. Beacon has had SOCKS proxy pivoting support since June 2013. This feature opens a SOCKS proxy server on the team server. Each SOCKS server instance is associated with an individual Beacon. All requests and traffic sent to a Cobalt Strike SOCKS server […]

Cobalt Strike Tips for 2016 CCDC Red Teams

It’s CCDC season again. CCDC is the National Collegiate Cyber Defense Competition. Teams of students in 10 regions run simulated business networks and defend against red team attacks. The winners of these regional events square off at the National CCDC in San Antonio, TX. Strategic Cyber LLC is making Cobalt Strike available to the red […]

Windows Access Tokens and Alternate Credentials

I’d like to call your attention to the humble runas.exe program on Windows. This program allows a Windows user to spawn another program with another user’s credentials. It’s a little painful to use runas.exe from a remote access tool. This program doesn’t accept a password as an argument. Cobalt Strike’s Beacon has a built-in runas […]