In our last post, we explored 3 of the most important security headers: Content-Security-Policy, Strict-Transport-Security and X-Frame-Options. In this post, we’ll review four additional security
Introduction "Hey, can you review this document? You might have to enable macros due to formatting lol" Attachment: ImportantDocument.docm We've all seen phishing
tl;dr: Create a macro-enabled Excel workbook using the .NET library EPPlus to bypass some A/V detection. We created Hot Manchego to help pen testers
The GitHub repo for SQLClient is available here - https://github.com/FortyNorthSecurity/SqlClient On an assume breach assessment, FortyNorth was able to successfully obtain a
In this post, we'll go over creating a more covert application for the Proxmark3 using the Bluetooth module we installed previously along with some ideas for
Hello everyone. With the severity of the Covid-19 virus and people trying to work from home as much as possible we wanted to document how to
tl;dr EXCELntDonut takes C# source code as an input, converts it into shellcode, and generates an XLM (Excel 4.0) macro that will inject the
A C# tool to screenshot user's desktop(s) complete with multiple checks. Will work with Cobalt Strike's Execute-Assembly. Best name we could think of since SharpShooter
A month ago, we finished a series of six web application assessments for local and regional banks. In addition to common web vulnerabilities, like SQLi, we
tl;dr Separate your C# payload from an MSBuild XML file and host it remotely on a WebDav server. Red teams and attackers frequently repurpose MSBuild,
Introduction: Hello, meet ngrok (https://ngrok.com/), an easy way to tunnel traffic from a local machine (i.e. VM) to an external address. With ngrok, you
MiddleOut (a salute to Silicon Valley) is a tool written in C# that compresses any number of files passed to it. I wanted to learn .NET
Ever since its initial release, EyeWitness has only had a Linux version (originally in Python 2, and now in Python 3). This has proven very useful
C2concealer is a python3 command-line tool that generates C2 malleable profiles for use with Cobalt Strike. Looking to get up and running quick? Code is available
A few months ago, we decided to look into additional options that exist for command and control (C2), specifically what we can use for "redirectors". We
TL;DR: Use MSBuild’s UnregisterAssembly task to execute arbitrary code in a .NET assembly. A few weeks ago, Casey Smith (@SubTee) tweeted this out: Followed
In this post we'll go through connecting the Proxmark (and fixing any issues) on a fresh Kali 2019.4 install, and updating all aspects of the
In this post, we'll go over installing the Bluetooth/battery module on a brand new Proxmark3 RDV4. The optional module is a great addition to the
Jenkins is an open source application which is nearly always targeted by attackers, but is also incredibly useful when used legitimately. It can help automate test
We can all celebrate that the 4.0 release of Cobalt Strike has happened before the holidays, and with it comes some really useful changes! One
In the first blog post of our DevSecOps series, we talked about looking at security considerations for the Terraform code and the data within it. For
This past October, I had the opportunity to speak with Robin Wood (@digininja) about “The Security of DevSecOps” at Wild West Hackin Fest in Deadwood, South
EyeWitness is a tool that has been around for many years and has seen many updates (huge shout out to Rohan (@cptjesus) for all of his
In our previous blog post, we talked about how you can obtain the password hashes from a Domain Controller within Azure without ever needing to interact