Red teaming can be the ground truth for CISOs and execs

This year, against the backdrop of attacks on everyone from healthcare institutions and schools to financial services organizations, as well as the introduction of legislation across the UK and EU to move security up the agenda, cybersecurity has undou…

Cobalt Strike and YARA: Can I Have Your Signature?

Over the past few years, there has been a massive proliferation of YARA signatures for Beacon. We know from conversations with our customers that this has become problematic when using Cobalt Strike for red team engagements and that there has been some confusion over how Cobalt Strike’s malleable C2 options can help.   Therefore, this blog […]



Revisiting the User-Defined Reflective Loader Part 1: Simplifying Development

This blog post accompanies a new addition to the Arsenal Kit – The User-Defined Reflective Loader Visual Studio (UDRL-VS). Over the past few months, we have received a lot of feedback from our users that whilst the flexibility of the UDRL is great, there is not enough information/example code to get the most out of […]



Defining the Cobalt Strike Reflective Loader

The Challenge with Using Cobalt Strike for Advanced Red Team Exercises

While next-generation AI and machine-learning components of security solutions continue to enhance behavioral-based detection capabilities, at their core many still rely on signature-based detections. Cobalt Strike being a popular red team Command and Control (C2) framework used by both threat actors and red teams […]

The post Defining the Cobalt Strike Reflective Loader appeared first on Security Intelligence.


What is a Red Teamer? All You Need to Know

A red teamer is a cybersecurity professional who helps companies improve their IT security by attacking and undermining those same defenses, often without notice. The term “red teaming” is often used interchangeably with penetration testing. While the terms are similar, there are key distinctions. First and foremost is the lack of notice […]

The post What is a Red Teamer? All You Need to Know appeared first on Security Intelligence.


Behind the Mask: Spoofing Call Stacks Dynamically with Timers

This blog introduces a PoC technique for spoofing call stacks using timers. Prior to our implant sleeping, we can queue up timers to overwrite its call stack with a fake one and then restore the original before resuming execution. Hence, in the same way we can mask memory belonging to our implant during sleep, we […]



Red, purple, or blue? When it comes to offensive security operations, it’s not just about picking one color

When people find out that I’ve spent much of my career being hired by companies to steal their secrets, they usually ask, “Are we doing enough? Do we need a red team?” The latter is not a question with a simple “yes” or “no” answer. Many companie…

CISA releases RedEye open-source analytic tool

CISA has released RedEye, an interactive open-source analytic tool to visualize and report Red Team command and control activities. RedEye, available on GitHub, allows an operator to assess and display complex data, evaluate mitigation strategies, and …
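The kind of processing a tool like RedEye does on C2 logs, reduced to its core, as an added example that is not RedEye's own code and not part of the original post: it parses a beacon log into timestamped events, attributes commands to operators, tallies the ATT&CK technique tags on tasks, and pulls host/user metadata for a per-beacon timeline. The sample log lines are constructed for this example in a layout modelled loosely on Cobalt Strike's beacon_*.log files; the exact field layout is an assumption, so adapt the regexes to the logs you actually have.

```python
import re
from collections import Counter
from dataclasses import dataclass, field

# Constructed sample (not a real capture) in a layout modelled loosely on
# Cobalt Strike beacon logs. Lines without a leading timestamp are
# continuation lines belonging to the previous event (command output).
SAMPLE_LOG = """\
05/24 14:01:02 UTC [metadata] 10.10.5.21 <- 10.10.5.20; computer: WS01; user: jdoe; process: rundll32.exe; pid: 4120; os: Windows; version: 10.0; beacon arch: x64 (x64)
05/24 14:01:10 UTC [input] <op1> shell whoami
05/24 14:01:10 UTC [task] <T1059> Tasked beacon to run: whoami
05/24 14:01:15 UTC [checkin] host called home, sent: 22 bytes
05/24 14:01:15 UTC [output]
received output:
ws01\\jdoe
05/24 14:03:40 UTC [input] <op2> jump psexec DC01 smb
05/24 14:03:40 UTC [task] <T1021, T1570> Tasked beacon to run windows/beacon_smb/bind_pipe on DC01 via Service Control Manager (\\\\DC01\\ADMIN$\\abc.exe)
05/24 14:03:41 UTC [checkin] host called home, sent: 210 bytes
"""

# "MM/DD HH:MM:SS UTC [kind] rest" -- assumed layout, see lead-in.
LINE_RE = re.compile(r"^(\d\d/\d\d \d\d:\d\d:\d\d) UTC \[(\w+)\] ?(.*)$")
# "<op1> command" on input lines, "<T1021, T1570> description" on task lines.
TAG_RE = re.compile(r"^<([^>]*)>\s*(.*)$")


@dataclass
class Event:
    ts: str
    kind: str                                  # metadata, input, task, checkin, output
    body: str                                  # rest of line, continuation lines appended
    tags: list = field(default_factory=list)   # operator (input) or ATT&CK IDs (task)


def parse_beacon_log(text: str) -> list:
    """Parse one beacon log into Event records, folding continuation lines."""
    events = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            if events:  # continuation of the previous event's body
                events[-1].body += ("\n" if events[-1].body else "") + raw
            continue
        ts, kind, body = m.groups()
        ev = Event(ts, kind, body)
        if kind in ("input", "task"):
            t = TAG_RE.match(body)
            if t:
                ev.tags = [x.strip() for x in t.group(1).split(",")]
                ev.body = t.group(2)
        events.append(ev)
    return events


def summarize(events: list) -> dict:
    """Per-beacon summary: host metadata, operators, technique counts, command timeline."""
    meta = {}
    for ev in events:
        if ev.kind == "metadata":
            for part in ev.body.split(";"):
                if ":" in part:
                    k, v = part.split(":", 1)
                    meta[k.strip()] = v.strip()
            break
    techniques = Counter(t for ev in events if ev.kind == "task" for t in ev.tags)
    operators = sorted({ev.tags[0] for ev in events if ev.kind == "input" and ev.tags})
    commands = [(ev.ts, ev.tags[0], ev.body) for ev in events if ev.kind == "input"]
    # T1021 (Remote Services) tasks are the lateral-movement hops worth charting.
    lateral = [ev.body for ev in events if ev.kind == "task" and "T1021" in ev.tags]
    return {
        "host": meta.get("computer"), "user": meta.get("user"), "pid": meta.get("pid"),
        "first_seen": events[0].ts if events else None,
        "last_seen": events[-1].ts if events else None,
        "operators": operators, "techniques": dict(techniques),
        "commands": commands, "lateral_movement": lateral,
    }


if __name__ == "__main__":
    summary = summarize(parse_beacon_log(SAMPLE_LOG))
    print(f"{summary['host']}\\{summary['user']} pid={summary['pid']} "
          f"{summary['first_seen']} -> {summary['last_seen']}")
    for ts, op, cmd in summary["commands"]:
        print(f"  {ts} {op}: {cmd}")
    print("  techniques:", summary["techniques"])
```

Run over a directory of beacon logs, the per-beacon summaries are what a reporting tool stitches into the engagement timeline: which operator ran which command on which host, and which ATT&CK techniques the exercise actually covered.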

Cybersecurity Red Team 101

“Red Team” is an expression coined in the 19th century, related to German military preparedness exercises conducted as realistic board games between two adversaries operating under time constraints and certain rules. In cybersecurity, Red Team exercise…