Performance, Diagnostics, and WMI
Windows offers tons of useful tools that administrators can leverage to perform their daily jobs. A lot of times, those tools are looked at from an offensive standpoint and use cases for them are discovered. Earlier this year I read a message from a co-worker Lee Christensen (@tifkin_) about Service Performance DLLs and upon further…
Less SmartScreen More Caffeine: (Ab)Using ClickOnce for Trusted Code Execution
The contents of this blogpost was written by Nick Powers (@zyn3rgy) and Steven Flores (@0xthirteen), and is a written version of the content presented at Defcon30. With the barrier to entry for initial access ever increasing, we spent some time digging into potentially lesser-known weaponization options for ClickOnce deployments. A few of the hurdles we’d like…
Move faster, Stay longer
Offensive operators typically have their set of “go to” post-exploitation tools and methodologies. Among these, is Cobalt Strike – a very robust and defacto red teaming command and control (C2) platform that has many great built-in features. One of my favorite things about Cobalt Strike is the ability to customize different facets to meet your…
Revisiting Remote Desktop Lateral Movement
It’s no secret that attackers are looking for new techniques to execute lateral movement. However, there are only a handful of publicly known techniques that are typically used. This post doesn’t highlight a new lateral movement technique but instead offers a new way to leverage a known method in your favorite Command and Control (C2)…
0xthirteen 