Building A Detection Lab Around Suricata A while back there was a flurry of posts from different people about how they were configuring their homelabs, rebuilding them to do X better than somethi...
I have been quietly hard at work the past few months turning an old project that didn’t quite work even half the time into a framework that provides the solid base of functionality required to bui...
A quick story of a misconfiguration This is a very quick post; I’m working on others, I promise. On Dec 8, I went to my site, git.culbertreport.com, and all looked good. I then went to cr.culbertre...
The evolution of evasion Evasion is a very interesting topic. When I say evasion, I’m referring to both evading prying eyes from analysts and avoiding their attention, as well as evading AV and ED...
C2 Smackdown - Empire vs Mythic I found evaluating platforms like this to be a great way to familiarize myself with them quickly, so I’ve opted to do this test again. The last time I compared C2s...
Running An Adversary Emulation Exercise Adversary emulation can take many forms, but it will always have the same end goal: helping companies come away knowing how to defend themselves better. You...
Bloodhound What is it? Bloodhound describes their product as using graph theory to reveal hidden and unintended links between users and groups that make lateral movement easier for attackers. Natu...
Sliver vs Havoc - Two Adversary Emulation Frameworks I wanted to objectively measure two well known frameworks against one another and see which fits certain needs best. To this end, each platfor...
A Quick Review Of Where We Started Switchblade started out about a year ago with an idea taken from the leaked CIA toolset. The tool was called Switchblade, and it used mutual TLS in order to rout...
Another fake ad, another fake product Wow, there’s been a lot of malvertising recently. The last post was on a bitcoin scam and it looks like we’re continuing this trend. Some of you might remembe...