Justin Warner
Using Kaitai to Parse Cobalt Strike Beacon Configs
I have seen a definite uptick in security researchers hunting Cobalt Strike servers, and tweeting/sharing indicators or config data. There…
Apr 6, 2021

Justin Warner
Do You Miss Being a Red Teamer?
It is a question that gets posed to me pretty frequently: “Do you miss being a red teamer?” If you came all the way to my blog to see the…
Jul 23, 2018

Justin Warner
Infrastructure Diversity — Hunting In Shared Infrastructure
As an attacker, it is all too easy to settle down into a rhythm. That rhythm of operations, the specific techniques and automation involved…
Apr 5, 2017

Justin Warner
Common Ground Part 3: Execution and the People Factor
This is part three of a blog series titled: Common Ground. In Part One, I discussed the background and evolution of red teaming. I dove…
Jul 5, 2016

Justin Warner
Common Ground: Planning is Key
This is part two of a blog series titled: Common Ground. In , I discussed the backgrounds and evolution of red teaming, diving deep into…
Jun 28, 2016

Justin Warner
Common Ground Part 1: Red Team History & Overview
Over the past ten years, red teaming has grown in popularity and has been adopted across different industries as a mature method of…
Jun 24, 2016

Justin Warner
Creepy User-Centric Post-Exploitation
I love seeing red and blue teams square off during an engagement. It works best if both sides avoid selfish desires and focus on the task…
May 16, 2016

Justin Warner
Empire & Tool Diversity: Integration is Key
Since the release of PowerShell Empire at BSidesLV 2015 by Will Schroeder (@harmj0y) and myself, the project has taken off. I could not be…
Feb 11, 2016

Justin Warner
Remote Weaponization of WSUS MITM
Network attacks (WPAD Injection, HTTP/WSUS MITM, SMB Relay etc.) are a very useful attack vector for adversaries trying to laterally…
Feb 5, 2016