Phishing with SAML and SSO Providers

Phishing is getting harder. Email firewalls, user training and a host of endpoint controls are making phishing something that many Red Teams no longer perform. Instead, many Red Teams are using something called Assume Breach or White Carding, this allows the Red Team to skip certain portions of the initial...
Read More

Violating Your Personal Space with Webex

Some time ago Karl Fosaaen with NetSpi came out with some pretty interesting research around Federated Services and Skype for Business. One of the attack vectors was being able to access other companies address books and sending them direct Skype for Business messages, including all the features that Skype for...
Read More

Penetration Testing is Red Teaming

Red teaming is not penetration testing but penetration testing is red teaming. Information Security does not own red teaming. Red Teaming has been around for centuries and has been used throughout time for various purposes, assuredly most of these uses weren’t cyber. At its core, red teaming is applying a critical...
Read More

Elk + Osquery + Kolide Fleet = Love

Threat hunting on Linux and Mac has probably never been easier. With the combination of these tools, we can query all of our hosts on demand for IOC’s, schedule queries to run on an automated basis and feed all of these results into our SIEM. Osquery is even platform agnostic...
Read More

Automating the detection of Mimikatz with ELK

I’ve been going through CyberWarDog’s Threat Hunting posts as of late and stumbled upon his ‘[Hunting for In-Memory Mimikatz][1]’ Series. The methods used to build signatures are very straight forward and seem to remove a barrier to entry for figuring out how to profile malicious tools. [The method used to...
Read More