Phishing is getting harder. Email firewalls, user training and a host of endpoint controls are making phishing something that many Red Teams no longer perform. Instead, many Red Teams are using something called Assume Breach or White Carding, this allows the Red Team to skip certain portions of the initial...

Some time ago Karl Fosaaen with NetSpi came out with some pretty interesting research around Federated Services and Skype for Business. One of the attack vectors was being able to access other companies address books and sending them direct Skype for Business messages, including all the features that Skype for...

Red teaming is not penetration testing but penetration testing is red teaming. Information Security does not own red teaming. Red Teaming has been around for centuries and has been used throughout time for various purposes, assuredly most of these uses weren’t cyber. At its core, red teaming is applying a critical...

Threat hunting on Linux and Mac has probably never been easier. With the combination of these tools, we can query all of our hosts on demand for IOC’s, schedule queries to run on an automated basis and feed all of these results into our SIEM. Osquery is even platform agnostic...

I’ve been going through CyberWarDog’s Threat Hunting posts as of late and stumbled upon his ‘[Hunting for In-Memory Mimikatz][1]’ Series. The methods used to build signatures are very straight forward and seem to remove a barrier to entry for figuring out how to profile malicious tools. [The method used to...

I recently setup ELK in order to begin collecting logs from Sysmon for security monitoring in my lab. The problem I could foresee running into was the issue of disk space. Unfortunately when my ELK server runs out of space, it runs out of space. I needed a way to...