Any red team looking to improve is constantly adapting, changing their tactics and implementing new techniques & procedures. To many professionals in the industry, this is known as Tradecraft – a term that resonates with me. Previously, I had written about various tools that are used by the Tevora Threat Team…
This post will walk through the process of automatically decrypting a LUKS encrypted drive on boot using a chain of trust implemented via Secure Boot and TPM 2. Background The Tevora Threat Team uses deployable devices for remote testing. The current generation of these devices consist of commercial off the…
In this post we will demonstrate how Burp Collaborator can be leveraged for detecting and exploiting blind command injection vulnerabilities. Burp Collaborator is an excellent tool provided by Portswigger in BurpSuite Pro to help induce and detect external service interactions. These external service interactions occur when an application or system…
Tevora employs a lot of different tools depending on what our need is. During penetration tests and red teams one of the most common that is used is PowerView from PowerSploit. PowerView is an excellent tool in performing reconnaissance in Windows environments and provides a wealth of value. The functions…
TL;DR Here's how to decode some PowerShell commands so you can find IPs and other IOCs. Background Through consulting with several of our clients during IR engagements, we have discovered that several clients are taking steps to restrict and log PowerShell in their environment. However, in several engagements we…
