Using GitHub Actions to manage CI/CD for Empire
We’ve been using GitHub actions for Empire and Starkiller for quite some time now. It’s been a significant productivity boost for our releases because we manage multiple versions of the…
Something that we have seen increasingly often on Twitter recently is people ostensibly posting about “Red Teams” and how if they did what APT X did, all their colleagues would…
Today we wanted to cover one of the lesser-known functions in Empire, the ReverseShell stager. The name may not be as intuitive, so standby for a future name change, but…
Approval Workflow Example for N8N Have you ever had a workflow automation that needed a human decision to progress a workflow? Well look no further, you can now do that…
So you have a smart home, you have all the lights set up and running as you like but you are about to go on holiday and want to make…
Unless you have been living under an infosec rock the past couple of weeks, you probably heard about the Follina exploit, which allows attackers to achieve remote code execution via…
It has been another exciting week for the team. First we are just a week away for our inaugural course for Advanced Threat Emulation: Evasion. Second, we were able to…
It has been a while since we have been able to discuss the new features in Empire. We wanted to take some time to discuss some upgrades under the hood…
Today, we will talk about combining two fascinating Tactics, Techniques, and Procedures (TTPs) together for deploying Command and Control (C2): IronPython and WebDAV. If you read our previous blog post…
During a recent engagement, we were asked to employ Turla’s Tactics, Techniques, and Procedures (TTPs) using IronNetInjector. This is not a toolkit that we had a lot of experience with…
Empire 4.2 was just finalized over the weekend and we are excited to share some of the new features. This version has added some new capabilities to keep our threat…
It’s that time of year again! This means it’s the season for Halloween, Oktoberfest, and HACKTOBERFEST! So what is Hacktoberfest? Hacktoberfest is a yearly event that encourages participation in the…
In case you don’t check our commit history on our GitHub on a daily basis, Empire 4.1 and Starkiller 1.9 were released to Kali and Sponsors this week! This release has some much-needed quality of life…
Now that Defcon and Blackhat are checked off for the year, we can get back to real work, the fun stuff. Are you an infosec developer, blogger, Blue Teamer, or…
This step-by-step tutorial will show you how to use n8n to auto-scrape TOR dark web onion websites to extract data, such as ransomware victims. This data can…
If you have seen my previous tutorials, where I created a pfSense WireGuard tutorial, this will complement that. Start by installing ....
If you are like me and use Telegram for everything, personal or work, then I bet you’d want to have your NAS alerts all in Telegram too! So let's get…
If you already use NordVPN, you will be well aware that they refuse to give out the WireGuard config information and make you use the NordVPN App. However, it's relatively…
The MITRE Corporation, one of the most respected organizations in the cybersecurity field, has released D3FEND, a complementary framework to its industry-recognized ATT&CK matrix. MITRE D3FEND Framework The basic idea behind…
VBA tradecraft is constantly evolving and this past winter, I came across some articles from Adepts of 0xCC. Specifically, their article Hacking in an Epistolary Way: Implementing Kerberoast in Pure…
Note: the vSphere UI is Tomcat middleware by default, so arbitrary code can be executed in the manner of Tomcat RMI Bypass. Step 1: setTargetObject to null. POST /ui/h5-vsan/rest/proxy/service/&vsanProviderUtils_setVmodlHelper/setTargetObject HTTP/1.1 Host: 192.168.18.17 Connection:…
The release of Empire 4.0 is just around the corner and we wanted to take some time to walk through some of its new features. So what is Empire 4.0? It…
One of the lesser-known features in Empire is the ability to use alternative Command and Control (C2) methods. Specifically, we can leverage the Dropbox API as a C2 channel, which…
To test whether you are vulnerable to the sudo buffer overflow (CVE-2021-3156), use the following command: sudoedit ....