Using GitHub Actions to manage CI/CD for Empire
We’ve been using GitHub actions for Empire and Starkiller for quite some time now. It’s been a significant productivity boost for our releases because we manage multiple versions of the…
Why Most Red Teams are Really Pentesters
Something that we have seen increasingly often on Twitter recently is people ostensibly posting about “Red Teams” and how if they did what APT X did, all their colleagues would…
Creating an approval button and workflow in N8N via Telegram
Approval Workflow Example for N8N Have you ever had a workflow automation that needed a human decision to progress a workflow? Well look no further, you can now do that…
How to use Home Assistant / NodeRed to set up Holiday Lights to fake your presence.
So you have a smart home, you have all the lights set up and running as you like but you are about to go on holiday and want to make…
Maldocs Are Evolving
Unless you have been living under an infosec rock the past couple of weeks, you probably heard about the Follina exploit, which allows attackers to achieve remote code execution via…
Empire 4.5
It has been another exciting week for the team. First we are just a week away for our inaugural course for Advanced Threat Emulation: Evasion. Second, we were able to…
Empire 4.4
It has been a while since we have been able to discuss the new features in Empire. We wanted to take some time to discuss some upgrades under the hood…
Weaponizing WebDAV for Offensive Security
Today, we will talk about combining two fascinating Tactics, Techniques, and Procedures (TTPs) together for deploying Command and Control (C2): IronPython and WebDAV. If you read our previous blog post…
Rebuilding IronNetInjector – Turla’s IronPython Toolkit
During a recent engagement, we were asked to employ Turla’s Tactics, Techniques, and Procedures (TTPs) using IronNetInjector. This is not a toolkit that we had a lot of experience with…
Empire 4.2
Empire 4.2 was just finalized over the weekend and we are excited to share some of the new features. This version has added some new capabilities to keep our threat…
Hacktoberfest 2021
It’s that time of year again! This means it’s the season for Halloween, Oktoberfest, and HACKTOBERFEST! So what is Hacktoberfest? Hacktoberfest is a yearly event that encourages participation in the…
Hooks, Filters, and Other Really, Really, Cool Things
In case you don’t check our commit history on our GitHub on a daily basis, Empire 4.1 and Starkiller 1.9 were released to Kali and Sponsors this week! This release has some much-needed quality of life…
Community Contributors Program
Now that Defcon and Blackhat are checked off for the year, we can get back to real work the fun stuff. Are you an infosec developer, blogger, Blue Teamer, or…
How to use n8n to automatically scrape Victims from Ransomware dark web onion blogs via TOR proxy
This step by step tutorial will show you how to use n8n to auto scrap TOR dark web onion websites to extract data, such as ransomware victims. This data can…
How to create a Wireguard QR Code
If you have seen my previous tutorials, where I have created a PfSense Wireguard tutorial this will compliment that. Start by installing ....
Setting up Telegram Notifications on Synology DSM 7.X
If you are like me and use Telegram for everything, personal or work then I bet you’d want to have your NAS alerts all in Telegram too! So let's get…
Step by step guide on Setting up NordLynx Wireguard VPN in PfSense
IF you already use NordVPN, you will be well aware that they refuse to give out the WireGuard config information and make you use the NordVPN App. However, it's relatively…
Using MITRE D3FEND Framework (0.9.3-BETA-1)
The MITRE Corporation, one of the most respected organizations in the cybersecurity field, has released D3FEND, a complementary framework to its industry-recognized ATT&CK matrix. MITRE D3FEND Framework The basic idea behind…
XLS Entanglement
VBA tradecraft is constantly evolving and this past winter, I came across some articles from Adepts of 0xCC. Specifically, their article Hacking in an Epistolary Way: Implementing Kerberoast in Pure…
Vcenter Server CVE-2021-21985 – RCE PAYLOAD – POC
Note: Vsphere UI is Tomcat middleware by default, so arbitrary code can be executed in the manner of Tomcat RMI Bypass. Step 1 setTargetObject to null POST /ui/h5-vsan/rest/proxy/service/&vsanProviderUtils_setVmodlHelper/setTargetObject HTTP/1.1Host: 192.168.18.17Connection:…
Overview of Empire 4.0 and C#
The release of Empire 4.0 is just around the corner and we wanted to take some time to walkthrough some of its new features. So what is Empire 4.0? It…
Empire Dropbox C2 Listener
One of the lesser-known features in Empire is the ability to use alternative Command and Control (C2) methods. Specifically, we can leverage the Dropbox API as a C2 channel, which…
How To manually check CVE-2021-3156 | Sudo buffer overflow
To test if you are vulnerable to sudo buffer overflow for CVE-2021-3156 use the following command sudoedit ....