Out of The Box - Lateral Movements

With many defenders keenly focused on identifying malicious activity, including lateral movement, we as attackers must adapt techniques beyond the vanilla offerings of our typical toolsets. These built-in pivoting techniques, such as WMI and PSExec pivots in Cobalt Strike, are very convenient but often set off many alarms. We…

About Windows Process/Thread Tokens and Pass The Hash

Windows has a rich security model that is worth understanding to operate effectively on a red team or pentest. There are many great resources that discuss this topic. We will reference them and attempt to distill the foundational concepts and the operational points you should know. Specifically, we will focus…

Email Enumeration with Prowl

During an engagement, having an email list for your target can be useful for a variety of reasons. When it comes to social engineering and password spraying, more email addresses translate to higher chances of success. While some clients will provide an employee directory, for others it may be necessary…