For as long as I’ve been working in security, initial access has generally looked the same. While there are high degrees of variation within each technique (i.e., payloads, pretexts, delivery mechanisms, obfuscations) used by most threat actors there i…
Tag: Red Team
Europe, Global Security News, North America
Introducing Ghostwriter v3.0
by Christopher Maddalena •
The Ghostwriter team recently released v3.0.0. This release represents a significant milestone for the project, and there has never been a better time to try out Ghostwriter.
Our goal was to make it much simpler to install and manage the application a…
Europe, Global Security News, North America
How do Red Team Exercises help CISO to Validate the Security Controls Effectively?
by Geetha R •
Red Team Exercises are one of the best ways for CISOs to validate the security controls effectively. By simulating a real-world attack, Red Team exercises help organizations identify their vulnerabilities and determine how well their security controls …
Europe
Resolving System Service Numbers using the Exception Directory
by MDSec •
While developing new features for Nighthawk C2, we observed that NTDLL contains up to three internal tables with the Relative Virtual Address (RVA) of all system calls. Two of these…
The post Resolving System Service Numbers using the Exception Directory appeared first on MDSec.
Europe, Global Security News, North America
Coercing NTLM Authentication from SCCM
by Chris Thompson •
tl;dr: Disable NTLM for Client Push Installation
When SCCM automatic site assignment and automatic client push installation are enabled, and PKI certificates aren’t required for client authentication, it’s possible to coerce NTLM authentication from th…
Europe, Global Security News, North America
Ghostwriter v2.3.0 & 2022 Road Map
by Christopher Maddalena •
Ghostwriter is changing! We try to be transparent with our development work, but it has been tricky to make that information accessible. We tried to use a Trello board, blog posts, Twitter updates, Slack channels, and other tools, but we heard these m…
Europe
Process Injection via Component Object Model (COM) IRundown::DoCallback()
by MDSec •
The MDSec red team are continually performing research into new and innovative techniques for code injection, enabling us to integrate them into tools used for our red…
The post Process Injection via Component Object Model (COM) IRundown::DoCallback() appeared first on MDSec.
Europe, Global Security News, North America
Top 5 Red Team Companies
by Naimisha •
Cybersecurity has become a top priority for businesses of all sizes. As a result, the demand for red team companies and services has exploded. Yes, more and more businesses recognize the importance of having a dedicated team of professionals tasked […]
Europe
ABC-Code Execution for Veeam
by MDSec •
This blog post details several recently patched vulnerabilities in the Veeam Backup & Replication and Veeam Agent for Microsoft Windows. We’ll detail MDSec’s process for identifying these 1Day vulnerabilities, writing…
The post ABC-Code Execution for Veeam appeared first on MDSec.
Europe, Global Security News, North America
Browser-in-the-Browser (BITB) – A New Born Phishing Methodology
by Keyur Talati •
There is no one whom we can trust in this digital age! Phishing has become a prevalent assault in the previous decade, with the attacker using a false login screen to acquire users’ credentials. A novel phishing technique called […]
Global Security News, North America
Cybersecurity Red Team 101
by Help Net Security •
“Red Team” is an expression coined in the 19th century, related to German military preparedness exercises conducted as realistic board games between two adversaries operating under time constraints and certain rules. In cybersecurity, Red Team exercise…
Europe, Global Security News, North America
The Importance of Tabletop Cybersecurity Exercises
by Boris Khazin •
The military is always on the cutting edge of technological and strategic innovations. While they usually use war games to train personnel, these exercises can be difficult to schedule and expensive to execute. However, tabletop exercises, where key …
North America
What It Takes to Build the Blue Team of Tomorrow
by David Bisson •
A good defense takes some testing. Ethical hacking involves pitting two teams together for the sake of strengthening digital security defenses. The red team attempts to bypass digital security barriers. By doing so, they reveal both misconceptions and flaws in their employer’s attack detection. Then, the blue team tries to defend against the red team’s […]
The post What It Takes to Build the Blue Team of Tomorrow appeared first on Security Intelligence.
Uncategorized
Nighthawk 0.1 – New Beginnings
by MDSec •
MDSec’s ActiveBreach red team operate in some of the highest maturity environments, where a significant degree of in-memory and post-exploitation operational security is often required to counteract defensive…
The post Nighthawk 0.1 – New Beginnings appeared first on MDSec.
Europe, Global Security News, North America
DEF CON 29 Red Team Village – Bruce Schneier’s ‘AI And Red Team Village Panel’
by Marc Handelman •
Our thanks to DEFCON for publishing their outstanding DEF CON 29 Red Team Village videos on the Conferences’ YouTube channel.
The post DEF CON 29 Red Team Village – Bruce Schneier’s ‘AI And Red Team Village Panel’ app…
Europe, Global Security News, North America
DEF CON 29 Red Team Village – ‘CTF Recap and Upcoming Events’
by Marc Handelman •
Our thanks to DEFCON for publishing their outstanding DEF CON 29 Red Team Village videos on the Conferences’ YouTube channel.
The post DEF CON 29 Red Team Village – ‘CTF Recap and Upcoming Events’ appeared first on Security…
Europe, Global Security News, North America
DEF CON 29 Red Team Village – ‘CTF Day 3’
by Marc Handelman •
Our thanks to DEFCON for publishing their outstanding DEF CON 29 Red Team Village videos on the Conferences’ YouTube channel.
The post DEF CON 29 Red Team Village – ‘CTF Day 3’ appeared first on Security Boulevard.
Europe, Global Security News, North America
DEF CON 29 Red Team Village – ‘CTF Day 2’
by Marc Handelman •
Our thanks to DEFCON for publishing their outstanding DEF CON 29 Red Team Village videos on the Conferences’ YouTube channel.
The post DEF CON 29 Red Team Village – ‘CTF Day 2’ appeared first on Security Boulevard.
Europe, Global Security News, North America
DEF CON 29 Red Team Village – ‘CTF Day 1’
by Marc Handelman •
Our thanks to DEFCON for publishing their outstanding DEF CON 29 Red Team Village videos on the Conferences’ YouTube channel.
The post DEF CON 29 Red Team Village – ‘CTF Day 1’ appeared first on Security Boulevard.
Europe, Global Security News, North America
DEF CON 29 Red Team Village – Russ Hanneman’s ‘Message About The Red Team Village CTF’
by Marc Handelman •
Our thanks to DEFCON for publishing their outstanding DEF CON 29 Red Team Village videos on the Conferences’ YouTube channel.
The post DEF CON 29 Red Team Village – Russ Hanneman’s ‘Message About The Red Team Village CTF…
Europe, Global Security News, North America
DEF CON 29 Red Team Village – Panel: ‘The Future Of AI, Machine Learning And Offensive Security’
by Marc Handelman •
Our thanks to DEFCON for publishing their outstanding DEF CON 29 Red Team Village videos on the Conferences’ YouTube channel.
The post DEF CON 29 Red Team Village – Panel: ‘The Future Of AI, Machine Learning And Offensive Security’…
North America
Breach and Attack Simulation: Hack Yourself to a More Secure Future
by Mike Elgan •
Getting breached is the surest way to learn your organization’s cybersecurity vulnerabilities. And that’s why you need to hack yourself before threat actors do. A cyber breach and attack simulation, also called red teaming, is best to understand vulnerabilities in practice, rather than just theory. What can you do before, during and after a simulated […]
The post Breach and Attack Simulation: Hack Yourself to a More Secure Future appeared first on Security Intelligence.
Security Vendor News
Listen up 4 – CYBERSECURITY FIRST! Purple teaming – learning to think like your adversaries
by Paul Ducklin •
Michelle Farenci knows her stuff, because she’s a cybersecurity practitioner inside a cybersecurity company! Learn why thinking like an attacker makes you a better defender.
North America
12 Benefits of Hiring a Certified Ethical Hacker
by Mike Elgan •
You’ve probably heard the phrase “you don’t know what you don’t know”. It’s a stage of learning most people find themselves in at one time or another. When it comes to cybersecurity, hackers succeed by finding the security gaps and vulnerabilities you missed. That’s true of malicious attackers. But it’s also true of their equivalent […]
The post 12 Benefits of Hiring a Certified Ethical Hacker appeared first on Security Intelligence.
Uncategorized
NSA Meeting Proposal for ProxyShell
by MDSec •
As part of the Microsoft Exchange April and May 2021 patches, several important vulnerabilities were fixed which could lead to code execution or e-mail hijacking. Any outdated and exposed Exchange server…
The post NSA Meeting Proposal for ProxyShell appeared first on MDSec.
Uncategorized
Bypassing Image Load Kernel Callbacks
by MDSec •
As security teams continue to advance, it has become essential for attackers to have complete control over every part of their operation, from the infrastructure down to individual actions that…
The post Bypassing Image Load Kernel Callbacks appeared first on MDSec.
Uncategorized
Phishing Users to Take a Test
by MDSec •
When looking for new interesting attack surfaces in Windows, I’ve often looked to default file handlers and LOLBins. Another interesting place to look is the default protocol handlers and…
The post Phishing Users to Take a Test appeared first on MDSec.
Uncategorized
Farming for Red Teams: Harvesting NetNTLM
by MDSec •
In the ActiveBreach red team, we’re always looking for innovative approaches for lateral movement and privilege escalation. For many of the environments we operate in, focusing on the classic…
The post Farming for Red Teams: Harvesting NetNTLM appeared first on MDSec.
Uncategorized
macOS Post-Exploitation Shenanigans with VSCode Extensions
by MDSec •
It’s no secret that macOS post-exploitation is often centric around targeting the installed apps for privilege escalation, persistence and more. Indeed, we’ve previously posted about approaches for code injection…
The post macOS Post-Exploitation Shenanigans with VSCode Extensions appeared first on MDSec.
Uncategorized
Breaking The Browser – A tale of IPC, credentials and backdoors
by MDSec •
Web browsers are inherently trusted by users. They are trained to trust websites which “have a padlock in the address bar” and that “have the correct name”. This trust leads…
The post Breaking The Browser – A tale of IPC, credentials and backdoors appeared first on MDSec.
Uncategorized
Bypassing User-Mode Hooks and Direct Invocation of System Calls for Red Teams
by MDSec •
The motivation to bypass user-mode hooks initially began with improving the success rate of process injection. There can be legitimate reasons to perform injection. UI Automation and Active Accessibility will use it…
The post Bypassing User-Mode Hooks and Direct Invocation of System Calls for Red Teams appeared first on MDSec.