What It Takes to Build the Blue Team of Tomorrow

A good defense takes some testing. Ethical hacking involves pitting two teams against each other for the sake of strengthening digital security defenses. The red team attempts to bypass digital security barriers. By doing so, they reveal both misconceptions and flaws in their employer’s attack detection. Then, the blue team tries to defend against the red team’s […]

The post What It Takes to Build the Blue Team of Tomorrow appeared first on Security Intelligence.


Writing Beacon Object Files: Flexible, Stealthy, and Compatible

Our colleagues over at Core Security have been doing great things with Cobalt Strike, making use of it in their own engagements. They wrote up this post on creating Cobalt Strike Beacon Object Files using the MinGW compiler on Linux. It covers several ideas and best practices that will increase the quality of your BOFs. […]


Process Injection Update in Cobalt Strike 4.5

Process injection is a core component of Cobalt Strike post-exploitation. Until now, the only option was to use a built-in injection technique based on fork&run. This has been great for stability, but it comes at the cost of OPSEC. Cobalt Strike 4.5 now supports two new Aggressor Script hooks: PROCESS_INJECT_SPAWN and PROCESS_INJECT_EXPLICIT. These hooks allow a user to define how the fork&run and explicit injection techniques are implemented when executing post […]


Nanodump: A Red Team Approach to Minidumps

Motivation: It is known that dumping Windows credentials is a technique often utilized for everyday attacks by adversaries and, consequently, Red Teamers. This process has been out there for several years and is well documented by MITRE under the T1003.001 technique. Sometimes, when conducting a Red Team engagement, there may be some limitations when trying […]


The post Nanodump: A Red Team Approach to Minidumps appeared first on Cobalt Strike Research and Development.


Breach and Attack Simulation: Hack Yourself to a More Secure Future

Getting breached is the surest way to learn your organization’s cybersecurity vulnerabilities. And that’s why you need to hack yourself before threat actors do. A cyber breach and attack simulation, also called red teaming, is the best way to understand vulnerabilities in practice, rather than just in theory. What can you do before, during and after a simulated […]

The post Breach and Attack Simulation: Hack Yourself to a More Secure Future appeared first on Security Intelligence.


Create a proxy DLL with artifact kit

DLL attacks (hijacking, proxying, etc.) are a challenge defenders must face. They can be leveraged in a Red Team engagement to help measure these defenses. Have you used this technique? In this post, I’ll walk through an example of adding a DLL proxy to beacon.dll for use in a DLL proxy attack. What is a […]


The post Create a proxy DLL with artifact kit appeared first on Cobalt Strike Research and Development.


Listen up 4 – CYBERSECURITY FIRST! Purple teaming – learning to think like your adversaries

Michelle Farenci knows her stuff, because she’s a cybersecurity practitioner inside a cybersecurity company! Learn why thinking like an attacker makes you a better defender.

When Is an Attack not an Attack? The Story of Red Team Versus Blue Team

Cybersecurity experts fill our days with terminology from warfare, including jargon such as red team versus blue team. The concept of ‘red team’ has its origin in wargaming. The red team plays an opposing force and attempts to bypass the barriers of the defending or blue team. These exercises are not about winning or […]

The post When Is an Attack not an Attack? The Story of Red Team Versus Blue Team appeared first on Security Intelligence.
