EyeWitness - Looking Sharp

Ever since its initial release, EyeWitness has only had a Linux version (originally in Python 2, and now in Python 3). This has proven very useful

Continue Reading
Introducing C2concealer: a C2 Malleable Profile Generator for Cobalt Strike

C2concealer is a python3 command-line tool that generates c2 malleable profiles for use with Cobalt Strike. Looking to get up and running quick? Code is available

Continue Reading
Azure Functions - Functional Redirection

A few months ago, we decided to look into additional options that exist for command and control (C2), specifically what we can use for "redirectors". We

Continue Reading
Another MSBuild Invocation (February 2020 Edition)

TL;DR: Use MSBuild’s UnregisterAssembly task to execute arbitrary code in a .NET assembly. A few weeks ago, Casey Smith (@SubTee) tweeted this out: Followed

Continue Reading
Intro To The Proxmark3 RDV4: Part 2 - First Run on Kali

In this post we'll go through connecting the proxmark (and fixing any issues) on a fresh Kali 2019.4 install, and updating all aspects of the

Continue Reading
Intro To The Proxmark3 RDV4: Part 1 - BT/Battery Module Installation

In this post, we'll go over installing the bluetooth/battery module on a brand new Proxmark3 RDV4. The optional module is a great addition to the

Continue Reading
The Security of DevSecOps - Jenkins

Jenkins is an open source application which is nearly always targeted by attackers, but is also incredibly useful when used legitimately. It can help automate test

Continue Reading
Cobalt Strike 4.0 - HTTP Variants

We can all celebrate that the 4.0 release of Cobalt Strike has happened before the holidays, and with it comes some really useful changes! One

Continue Reading
The Security Of DevSecOps - Terraform Authentication

In the first blog post of our DevSecOps series, we talked about looking at security considerations for the Terraform code and the data within it. For

Continue Reading
The Security of DevSecOps - Terraform Code

This past October, I had the opportunity to speak with Robin Wood (@digininja) about “The Security of DevSecOps” at Wild West Hackin Fest in Deadwood, South

Continue Reading
Python3 EyeWitness

EyeWitness is a tool that has been around for many years and has seen many updates (huge shout out to Rohan (@cptjesus) for all of his

Continue Reading
PowerShell, Azure, and Password Hashes in 4 steps

In our previous blog post, we talked about how you can obtain the password hashes from a Domain Controller within Azure without ever needing to interact

Continue Reading
Obtain D.C. Hashes within Azure in 4 Easy Steps

Extraction without InteractionA while back, I read this article from @_StaticFlow_ about a tool release for stealing hashes from a domain controller running in AWS. I

Continue Reading
How to Bypass WDAC with dbgsrv.exe

Microsoft Applications and BlocklistNote: This blog post contains the details from Casey Smith and Ross Wolf’s BlackHat USA 2019 presentation Most application whitelisting bypasses that

Continue Reading
Aggressive MSBuild - Bypass Detection

It’s no secret that Casey Smith’s research into bypasses has changed how nearly everyone in the industry approaches testing and circumventing application whitelisting solutions.

Continue Reading
Under-the-hood: WMImplant Invoking PowerShell

WMImplant is a powerful PowerShell based tool that enables its users to conduct nearly any post-exploitation action and exclusively using WMI to do so. We’ve

Continue Reading
Jenkins - More than Just Target Practice

Jenkins Header ImageWhy JenkinsFor a while, FortyNorth Security has been exploring different options that will automate building internal tools and running tests against code as it

Continue Reading
Red Team Training - BlackHat USA 2019

Intrusion OperationsLearn About Advanced Red Teaming And Malware CustomizationHave you ever struggled conducting a red team assessment against an organization with mature security programs? Or, maybe,

Continue Reading
Apache Guacamole: How To Install and Configure

A few months ago, we had a need for an easy Remote Desktop Protocol gateway (RDP gateway), and we weren’t sure what would be best

Continue Reading
Egress-Assess: 3 Updates That You'll Love

It’s been quite some time since there’s been an Egress-Assess update and multiple developers have contributed code that helped expand its capabilities. We use

Continue Reading
Windows ASR Rules & (Re)Enabling WMI When Blocked

Recently there have been tweets about Windows Attack Surface Reduction (ASR) rules and I wanted to take the chance to dive into a topic that I

Continue Reading
A Call for Collaboration

If you didn’t make it to Wild West Hackin Fest 2018, be sure to bookmark their page, www.wildwesthackinfest.com, for 2019 tickets. This event

Continue Reading
AggressorAssessor - Cobalt Strike Aggressor Scripts

I (@ChrisTruncer) had the opportunity to speak at Wild West Hackin Fest last week along with Harley LeBeau (@r3dQu1nn) on a topic we called “Aggressive Autonomous

Continue Reading
Base64 Encoding & Decoding with CLM

TLDR – Here’s the link: https://github.com/FortyNorthSecurity/CLM-Base64 Why Writing CLM-Compliant V2 Code?Following in the footsteps of those I originally learned from (@mattifestation

Continue Reading
An Intro to Terraform with Azure, PFSense, and Windows 10

I’ve recently begun using Terraform to automate infrastructure deployment as both a means to save time and ensure the systems are configured in the manner

Continue Reading