Culbert Report
The Evolution Of Evasion

The evolution of evasion Evasion is a very interesting topic. When I say evasion, I’m referring to both evading prying eyes from analysts and avoiding their attention, as well as evading AV and ED...

C2 Smackdown Empire Vs Mythic

C2 Smackdown - Empire vs Mythic I found evaluating platforms like this to be a great way to familiarize myself with them quickly, so I’ve opted to do this test again. The last time I compared C2s...

Adversary Emulation Exercises

Running An Adversary Emulation Exercise Adversary emulation can take many forms, but it will always have the same end goal: helping companies come away knowing how to defend themselves better. You...

Bloodhound basics

Bloodhound What is it? Bloodhound describes their product as using graph theory to reveal hidden and unintended links between users and groups that make lateral movement easier for attackers. Natu...

Sliver vs Havoc

Sliver vs Havoc - Two Adversary Emulation Frameworks I wanted to objectively measure two well-known frameworks against one another and see which fits certain needs best. To this end, each platfor...

Breaking Down Creating A Redteam Framework

A Quick Review Of Where We Started Switchblade started out about a year ago with an idea taken from the leaked CIA toolset. The tool was called Switchblade, and it used mutual TLS in order to rout...

Malvertising Continued

Another fake ad, another fake product Wow, there’s been a lot of malvertising recently. The last post was on a bitcoin scam and it looks like we’re continuing this trend. Some of you might remembe...

Do You Want To Be A Millionaire

Do You Want To Be A Millionaire? I got the weirdest phishing email the other day. It was a link to a cryptocurrency exchange called protoncoin[.]net with a username and password. So naturally, I c...

How AV Hooks NTDLL

How Does AV Know? Have you ever wondered how AV knows that the application you’re trying to run is malicious when it doesn’t have a known signature? NTDLL is the answer. Before we begin It’...

Please pardon the mess!

Please pardon the mess as the old Blogger site is transitioned here. Some of the posts got saved oddly, some of them have poor formatting because I made poor design choices, and some are missing fo...