Pentester Academy Course Review - Attacking and Defending Active Directory

Introduction
I recently had the pleasure of purchasing and successfully completing Pentester Academy’s Attacking and Defending Active Directory Course. The main objective of the course is to provide a high-quality learning platform for security professionals to understand, analyze and practice threats and attacks in a modern Active Directory environment. The course author is Nikhil Mittal, who is a seasoned AD penetration tester and researcher. The course’s overall approach is to teach how to perform a Red Team assessment with an assume-breach mentality.

Empire Domain Fronting With Microsoft Azure

Introduction
Domain Fronting used to be all the rage a while back. It’s still actively being used by Red Teams and malicious operators. My interest was recently renewed by this detailed blog post by digininja and this one by @rvrsh3ll. This post doesn’t present any new research as there have been plenty of resources detailing how to set up domain fronting for Empire and Cobaltstrike. I wanted to post one for using Empire with Microsoft Azure since I didn’t see one detailing the setup.

Cobaltstrike Over External C2 via Dropbox

Introduction
After completing the OSCP, I wanted to really learn Python and create a tool that would be useful to the InfoSec community. A while back, I saw a few awesome tools leveraging command and control for Cobaltstrike via the External c2 specification. The post from Rhino Security Labs specifically caught my eye since it was built specifically for Cobaltstrike using the Externalc2 specification and it was created using Python.

Dropbox Command and Control Over PowerShell With Invoke DBC2

Consider a scenario where a penetration tester is trying to set up command and control on an internal network blocking all outbound traffic, except traffic towards a few specific servers or third-party file-sharing websites. In this situation, there are still a few options a tester can use. One of those is DNS command and control and the other is command and control over file-sharing sites such as Dropbox and Google Docs.