Justin Warner

65 Followers

Apr 6, 2021

Using Kaitai Struct to Parse Cobalt Strike Beacon Configs

I have seen a definite uptick in security researchers hunting Cobalt Strike servers, and tweeting/sharing indicators or config data. There are two popular config parsing methods I have seen: the Nmap NSE script written by @notwhickey and the Sentinel One parser by @gal_kristal (yes, I am aware many organizations have…

Beacons

9 min read



Jul 23, 2018

Do You Miss Being a Red Teamer?

It is a question that gets posed to me pretty frequently: “Do you miss being a red teamer?” If you came all the way to my blog to see the answer, I will save you some time and from reading a couple hundred words — No. The real meaning of…

Red Team

3 min read



Apr 5, 2017

Infrastructure Diversity — Hunting In Shared Infrastructure

As an attacker, it is all too easy to settle down into a rhythm. That rhythm of operations, the specific techniques and automation involved in conducting offensive work, boils down to foundational tradecraft decisions that are often reused between campaigns. Why reuse tradecraft between campaigns? Well, it enables scalable…

Threat Hunting

5 min read



Jul 5, 2016

Common Ground Part 3: Execution and the People Factor

This is part three of a blog series titled: Common Ground. In Part One, I discussed the background and evolution of red teaming. I dove deep into how it applies to the information security industry and some limitations that are faced on engagements. In Part Two, I discussed…

Pentesting

7 min read



Jun 28, 2016

Common Ground: Planning is Key

This is part two of a blog series titled: Common Ground. In Part One, I discussed the background and evolution of red teaming, diving deep into how it applies to the information security industry and some limitations engagements face. In this part, I will discuss common components of red team planning…

Red Team

12 min read



Jun 24, 2016

Common Ground Part 1: Red Team History & Overview

Over the past ten years, red teaming has grown in popularity and has been adopted across different industries as a mature method of assessing an organization’s ability to handle challenges. With its widespread adoption, the term “red team” has come to mean different things to different people depending on their…

Red Team

12 min read



May 16, 2016

Creepy User-Centric Post-Exploitation

I love seeing red and blue teams square off during an engagement. It works best if both sides avoid selfish desires and focus on the task at hand: improvement and training are the ultimate goal. A key component of the offensive aspect of this feud is the ability for the…

Red Team

6 min read



Feb 11, 2016

Empire & Tool Diversity: Integration is Key

Since the release of PowerShell Empire at BSidesLV 2015 by Will Schroeder (@harmj0y) and myself, the project has taken off. I could not be more proud of the community of contributors and users that have rallied together to help us maintain and continue building Empire. Since the project’s release, Matt…

Pentesting

6 min read



Feb 5, 2016

Remote Weaponization of WSUS MITM

Network attacks (WPAD Injection, HTTP/WSUS MITM, SMB Relay etc.) are a very useful attack vector for adversaries trying to laterally spread, gather credentials or escalate privileges in a semi-targeted manner. This vector is used by known adversaries attempting to penetrate deep into networks, and numerous threat/malware reports have cited tools…

Microsoft

10 min read



Jun 5, 2015

Derivative Local Admin

Intro: User hunting is the process of tracking down where users are logged in or have a session on the network. By locating their login or session, you might be able to gain access to that machine, privesc (if required), and operate in the context of the new user. This is…

Red Team

5 min read


Tech: Threat Intel | Photographer @ https://www.justinwarnerphoto.com