Culbert Report

Building A Detection Lab Around Suricata

A while back there was a flurry of posts from different people about how they were configuring their homelabs, rebuilding them to do X better than somethi...

Making Red Teaming Safer

I have been quietly hard at work the past few months turning an old project that didn’t quite work even half the time into a framework that provides the solid base of functionality required to bui...

Subdomain Takeovers

A quick story of a misconfiguration
This is a very quick post; I’m working on others, I promise. On Dec 8, I went to my site, git.culbertreport.com, and all looked good. I then went to cr.culbertre...

The Evolution Of Evasion

Evasion is a very interesting topic. When I say evasion, I’m referring to both evading prying eyes from analysts and avoiding their attention, as well as evading AV and ED...

C2 Smackdown Empire Vs Mythic

I found evaluating platforms like this to be a great way to familiarize myself with them quickly, so I’ve opted to do this test again. The last time I compared C2’s...

Adversary Emulation Exercises

Running An Adversary Emulation Exercise
Adversary emulation can take many forms, but it will always have the same end goal: helping companies come away knowing how to defend themselves better. You...

Bloodhound basics

Bloodhound
What is it?
Bloodhound describes their product as using graph theory to reveal hidden and unintended links between users and groups that makes lateral movement easier for attackers. Natu...

Sliver vs Havoc

Sliver vs Havoc - Two Adversary Emulation Frameworks
I wanted to objectively measure two well-known frameworks against one another and see which fits certain needs best. To this end, each platfor...

Breaking Down Creating A Redteam Framework

A Quick Review Of Where We Started
Switchblade started out about a year ago with an idea taken from the leaked CIA toolset. The tool was called Switchblade, and it used mutual TLS in order to rout...

Malvertising Continued

Another fake ad, another fake product
Wow, there’s been a lot of malvertising recently. The last post was on a bitcoin scam and it looks like we’re continuing this trend. Some of you might remembe...