TL;DR Here's how to decode some PowerShell commands so you can find IPs and other IOCs. Background Through consulting with several of our clients during IR engagements, we have discovered that several clients are taking steps to restrict and log PowerShell in their environment. However, in several engagements we…
Agenda Reading Time: 20mins This blog will cover what redirectors are, why they are important for red teams, and how to automate their deployment with Ansible. This is the first post in our RTOps blog series, and will serve as a jumping off point for further redirector strategies, and Red…
Release### We are releasing the SecSmash tool we announced at BSIDES LV. SecSmash is a framework that allows you to turn centralized management, monitoring, and security tools into C2 infrastructure. Check out the tool on Github: https://github.com/tevora-threat/SecSmash Secsmash is a modular framework for leveraging credentials to…
Background Password cracking is a crucial part of a pentest. It can either lead you to the promised land, or stop you dead in your tracks. Password cracking is somewhat of an art, but there are some ways to make the process objectively better, so you can focus on more…
BloodHound When I came across the tool BloodHound, it quickly became one of the go-to tools in my arsenal. BloodHound has increased my speed and efficiency on most engagements and so I wanted to share what I've learned about the tool to help you get started with it. In this…
