OSINT & External Recon Pt. 1: Host Discovery – Tradecraft Security Weekly #8

During the reconnaissance phase of a penetration test, being able to discover the external assets of an organization is extremely important. It is also important to do so as stealthily as possible. Using open-source techniques and tools, it is possible to enumerate an organization's external assets without sending any data directly from your computer system […]

Situational Awareness with HostRecon – Tradecraft Security Weekly #7

After exploiting a system on a remote & unfamiliar network, it is extremely important to gain situational awareness as quickly and quietly as possible. This will help ensure success moving forward with other attacks. In this episode of Tradecraft Security Weekly, Beau Bullock (@dafthack) will show how to use PowerShell to query information about the […]

WordPress Vulnerability Discovery and Exploitation – Tradecraft Security Weekly #6

Over 27% of all websites globally run WordPress. This makes WordPress a very highly targeted piece of software. There are a number of different aspects to consider when attempting to discover vulnerabilities in WordPress. In this episode of Tradecraft S…

Windows Privilege Escalation Techniques (Local) – Tradecraft Security Weekly #2

In episode 2 of Tradecraft Security Weekly Beau Bullock (@dafthack) discusses Windows privilege escalation techniques. There are many reasons why normal employees should not be local administrators of their own systems. Network administrators tend to l…

The CIA’s "Development Tradecraft DOs and DON’Ts"

Useful best practices for malware writers, courtesy of the CIA. Seems like a lot of good advice. General: DO obfuscate or encrypt all strings and configuration data that directly relate to tool functionality. Consideration should be made to also only de-obfuscating strings in-memory at the moment the data is needed. When a previously de-obfuscated value is no longer needed, it…

NSA Using Cyberattack for Defense

These days, it’s rare that we learn something new from the Snowden documents. But Ben Buchanan found something interesting. The NSA penetrates enemy networks in order to enhance our defensive capabilities. The data the NSA collected by penetrating BYZANTINE CANDOR’s networks had concrete forward-looking defensive value. It included information on the adversary’s "future targets," including "bios of senior White House…

Fictional Hacking: Michael Westen

I don’t know if it is true or not today, but in fiction, spies depend on lots of high-tech gadgets. I do know that during World War II, the various secret services like the OSS and the SOE did have gadgets like secret transmitters and concealed weapons. But, like [James Bond’s] grenade-launching ink pen, to [Maxwell Smart’s] shoe phone, those gadgets came from some organized lab. (When you watch the video below, remember that at that time, a personal phone going off in a theater was unknown as cell phones were years in the future.)

There’s a show that ran …