Running An Adversary Emulation Exercise Adversary emulation can take many forms, but it will always have the same end goal. Helping companies come away knowing how to defend themselves better. You...

Bloodhound What is it? Bloodhound describes their product as using graph theory to reveal hidden and unintended links between users and groups that makes lateral movement easier for attackers. Natu...

Sliver vs Havoc - Two Adversary Emulation Frameworks I wanted to objectively measure two well known frameworks against one another and see which fits certain needs best. To this end, each platfor...

A Quick Review Of Where We Started Switchblade started out about a year ago with an idea taken from the leaked CIA toolset. The tool was called Switchblade, and it used mutual TLS in order to rout...

Another fake ad, another fake product Wow, there’s been a lot of malvertising recently. The last post was on a bitcoin scam and it looks like we’re continuing this trend. Some of you might remembe...

Do You Want To Be A Millionaire? I got the weirdest phishing email the other day. It was a link to a cryptocurrency exchange called protoncoin[.]net with a username and password. So naturally, I c...

How Does AV Know? Have you ever wondered how AV knows what that the application you’re trying to run is malicious when it doesn’t have a known signature? NTDLL is the answer. Before we begin It’...

Please pardon the mess as the old Blogger site is transitioned here. Some of the posts got saved oddly, some of them have poor formatting because I made poor design choices, and some are missing fo...

     What is GoPhish?     GoPhish is a great platform for launching phishing campaigns on a budget. By simply installing it along with Postfix on a Digitalocean drop...

So you want to be a pentester     There's a ton of different types of pentesting that you can do. What we'll talk about here though is website pentesting. This is the type of pentest...