Category Archives: How to red team

Tales of a red teamer: Deploying shenanigans to Windows with Ansible

Deployment is commonly referred to as “the process of distributing the red team’s malware into the blue team’s machines”. Ansible provides a mechanism to connect to a Window machine, configure it, run command(s), and copy files to the target. Therefore, I often say, “If it’s good for sys admins, it’s good for red team”. In this blog post, I have provided an Ansible playbook that can be used to distribute the red team’s shenanigans to a list of targets, regardless of the red teamer’s host OS.

Continue reading

Tales of a Red Teamer: How to setup a C2 infrastructure for Cobalt Strike – UB 2018

This past weekend, I had the pleasure of red teaming at University of Buffalo’s competition called Lockdown. It was a great competition and I had a lot of fun learning new red team tools and challenging the blue teamers on Windows. This blog post will focus on my C2 infrastructure setup for Cobalt Strike. I did a similar post last semester with PowerShell Empire, which can be found here.

Continue reading

How to red team: Domain fronting with Powershell Empire and CloudFront

Domain fronting is a new a technique to obfuscate the intended destination of HTTP(S) traffic. This allows attackers to circumvent security controls by masking the intended destination with “trusted” domains. In this blog post, I will setup AWS’s CloudFront CDN service to mask the destination of my Empire TeamServer.

Continue reading

Tagged

Part 4: How to Red Team – Obtaining initial access

In this blog post, I will be demonstrating different techniques to obtain initial access to Windows and Linux machines. Initial access is the action of using credentials or an exploitation of a remote machine to execute malicious code. In a Red vs. Blue competition, gaining initial access is one of the very first things the red team does. The dynamic of the entire competition hangs in the balance of the red team gaining initial access.

Continue reading

Tales of a Red Teamer: How to setup a C2 infrastructure for Powershell Empire – UB 2018

This past weekend, I had the pleasure of red teaming at University of Buffalo’s competition called Lockdown. It was a fantastic competition and I had ALOT of fun interacting/challenging the blue teamers on Windows. This blog post will focus on my C2 infrastructure setup for Powershell Empire.

Continue reading