#hack100days — Public Fediverse posts

#hack100days Day 16. Watched Alh4zr3d's stream of taking a crack at TryHackMe's Red Team Capstone. #RedTeam #GetSmart

#hack100days Day 16. Watched Alh4zr3d's stream of taking a crack at TryHackMe's Red Team Capstone. #RedTeam #GetSmart

#hack100days Day 16. Watched Alh4zr3d's stream of taking a crack at TryHackMe's Red Team Capstone. #RedTeam #GetSmart

#hack100days Day 16. Watched Alh4zr3d's stream of taking a crack at TryHackMe's Red Team Capstone. #RedTeam #GetSmart

#hack100days Day 15, delayed. At a cybersecurity happy hour last night, spent some time brainstorming some techniques for "multiplexing" C2 or exfil. Runs the risk of re-implementing techniques from an app using UDP to cover dropped payloads, which runs risk of beacon bloat. Fun thought experiment. #RedTeam

#hack100days Day 15, delayed. At a cybersecurity happy hour last night, spent some time brainstorming some techniques for "multiplexing" C2 or exfil. Runs the risk of re-implementing techniques from an app using UDP to cover dropped payloads, which runs risk of beacon bloat. Fun thought experiment. #RedTeam

#hack100days Day 15, delayed. At a cybersecurity happy hour last night, spent some time brainstorming some techniques for "multiplexing" C2 or exfil. Runs the risk of re-implementing techniques from an app using UDP to cover dropped payloads, which runs risk of beacon bloat. Fun thought experiment. #RedTeam

#hack100days Day 15, delayed. At a cybersecurity happy hour last night, spent some time brainstorming some techniques for "multiplexing" C2 or exfil. Runs the risk of re-implementing techniques from an app using UDP to cover dropped payloads, which runs risk of beacon bloat. Fun thought experiment. #RedTeam

#hack100days Day 14. Slacked a bit over the weekend. Read up on Powershell, its relationship w/C#/.Net. Found some references to using C# to run powershell. Looked at msbuild.exe. I had a tab open talking about 'psattack', but the links to the GitHub page resulted in a 404. It looks like one could write a wrapper in C# that can call PowerShell w/out going through powershell.exe. Seems interesting. (Doing this because I didn't have enough time to bang around in CRTO lab.) #RedTeam #LOLBAS #PowerShell

#hack100days Day 14. Slacked a bit over the weekend. Read up on Powershell, its relationship w/C#/.Net. Found some references to using C# to run powershell. Looked at msbuild.exe. I had a tab open talking about 'psattack', but the links to the GitHub page resulted in a 404. It looks like one could write a wrapper in C# that can call PowerShell w/out going through powershell.exe. Seems interesting. (Doing this because I didn't have enough time to bang around in CRTO lab.) #RedTeam #LOLBAS #PowerShell

#hack100days Day 14. Slacked a bit over the weekend. Read up on Powershell, its relationship w/C#/.Net. Found some references to using C# to run powershell. Looked at msbuild.exe. I had a tab open talking about 'psattack', but the links to the GitHub page resulted in a 404. It looks like one could write a wrapper in C# that can call PowerShell w/out going through powershell.exe. Seems interesting. (Doing this because I didn't have enough time to bang around in CRTO lab.) #RedTeam #LOLBAS #PowerShell

#hack100days Day 14. Slacked a bit over the weekend. Read up on Powershell, its relationship w/C#/.Net. Found some references to using C# to run powershell. Looked at msbuild.exe. I had a tab open talking about 'psattack', but the links to the GitHub page resulted in a 404. It looks like one could write a wrapper in C# that can call PowerShell w/out going through powershell.exe. Seems interesting. (Doing this because I didn't have enough time to bang around in CRTO lab.) #RedTeam #LOLBAS #PowerShell

#hack100days Day 14. Slacked a bit over the weekend. Read up on Powershell, its relationship w/C#/.Net. Found some references to using C# to run powershell. Looked at msbuild.exe. I had a tab open talking about 'psattack', but the links to the GitHub page resulted in a 404. It looks like one could write a wrapper in C# that can call PowerShell w/out going through powershell.exe. Seems interesting. (Doing this because I didn't have enough time to bang around in CRTO lab.) #RedTeam #LOLBAS #PowerShell

#hack100days Day 13. Busy day. Saw @securestep9 toot about #BugBountyTips that had this link: https://medium.com/@imshewale/complete-bug-bounty-recon-fundamentals-f283dee5c370 Checked it out and it has an extensive list of tools! So, reviewed that. Ran across a lot of familiar things and saw some new things, so that's useful.

#hack100days Day 13. Busy day. Saw @securestep9 toot about #BugBountyTips that had this link: https://medium.com/@imshewale/complete-bug-bounty-recon-fundamentals-f283dee5c370 Checked it out and it has an extensive list of tools! So, reviewed that. Ran across a lot of familiar things and saw some new things, so that's useful.

#hack100days Day 13. Busy day. Saw @securestep9 toot about #BugBountyTips that had this link: https://medium.com/@imshewale/complete-bug-bounty-recon-fundamentals-f283dee5c370 Checked it out and it has an extensive list of tools! So, reviewed that. Ran across a lot of familiar things and saw some new things, so that's useful.

#hack100days Day 13. Busy day. Saw @securestep9 toot about #BugBountyTips that had this link: https://medium.com/@imshewale/complete-bug-bounty-recon-fundamentals-f283dee5c370 Checked it out and it has an extensive list of tools! So, reviewed that. Ran across a lot of familiar things and saw some new things, so that's useful.

#hack100days Day 13. Busy day. Saw @securestep9 toot about #BugBountyTips that had this link: https://medium.com/@imshewale/complete-bug-bounty-recon-fundamentals-f283dee5c370 Checked it out and it has an extensive list of tools! So, reviewed that. Ran across a lot of familiar things and saw some new things, so that's useful.

#hack100days Day 12. Spent some time on personal lab. Trying out Windows and UTM on MacBook Pro M2. Working on powershell version of ICMP exfil. #RedTeam

#hack100days Day 12. Spent some time on personal lab. Trying out Windows and UTM on MacBook Pro M2. Working on powershell version of ICMP exfil. #RedTeam

#hack100days Day 12. Spent some time on personal lab. Trying out Windows and UTM on MacBook Pro M2. Working on powershell version of ICMP exfil. #RedTeam

#hack100days Day 12. Spent some time on personal lab. Trying out Windows and UTM on MacBook Pro M2. Working on powershell version of ICMP exfil. #RedTeam

#hack100days Day 12. Spent some time on personal lab. Trying out Windows and UTM on MacBook Pro M2. Working on powershell version of ICMP exfil. #RedTeam

#hack100days Day 11. Compared and contrasted some "AI"s and their ability to generate code. Tested and confirmed some python3/scapy can send ICMP with a payload. Going to explore that some more tomorrow, along with a PowerShell version. Test will be using it as an exfiltration channel. #RedTeam

#hack100days Day 11. Compared and contrasted some "AI"s and their ability to generate code. Tested and confirmed some python3/scapy can send ICMP with a payload. Going to explore that some more tomorrow, along with a PowerShell version. Test will be using it as an exfiltration channel. #RedTeam

#hack100days Day 11. Compared and contrasted some "AI"s and their ability to generate code. Tested and confirmed some python3/scapy can send ICMP with a payload. Going to explore that some more tomorrow, along with a PowerShell version. Test will be using it as an exfiltration channel. #RedTeam

#hack100days Day 11. Compared and contrasted some "AI"s and their ability to generate code. Tested and confirmed some python3/scapy can send ICMP with a payload. Going to explore that some more tomorrow, along with a PowerShell version. Test will be using it as an exfiltration channel. #RedTeam

#hack100days Day 11. Compared and contrasted some "AI"s and their ability to generate code. Tested and confirmed some python3/scapy can send ICMP with a payload. Going to explore that some more tomorrow, along with a PowerShell version. Test will be using it as an exfiltration channel. #RedTeam

#hack100days Day 10. Back to #CRTO and the lab. More initial compromise and some host enumeration. #RedTeam #CobaltStrike

#hack100days Day 10. Back to #CRTO and the lab. More initial compromise and some host enumeration. #RedTeam #CobaltStrike

#hack100days Day 10. Back to #CRTO and the lab. More initial compromise and some host enumeration. #RedTeam #CobaltStrike

#hack100days Day 10. Back to #CRTO and the lab. More initial compromise and some host enumeration. #RedTeam #CobaltStrike

#hack100days Day 10. Back to #CRTO and the lab. More initial compromise and some host enumeration. #RedTeam #CobaltStrike

#hack100days Day 9. Got caught up on security newsletters. Pre-Ordered a copy of Evading EDR from No Starch Press by Matt Hand (https://nostarch.com/evading-edr).

#hack100days Day 9. Got caught up on security newsletters. Pre-Ordered a copy of Evading EDR from No Starch Press by Matt Hand (https://nostarch.com/evading-edr).

#hack100days Day 9. Got caught up on security newsletters. Pre-Ordered a copy of Evading EDR from No Starch Press by Matt Hand (https://nostarch.com/evading-edr).

#hack100days Day 9. Got caught up on security newsletters. Pre-Ordered a copy of Evading EDR from No Starch Press by Matt Hand (https://nostarch.com/evading-edr).

#hack100days Day 9. Got caught up on security newsletters. Pre-Ordered a copy of Evading EDR from No Starch Press by Matt Hand (https://nostarch.com/evading-edr).

#hack100days Day 8. More time on #CRTO, finally got into the lab and worked on the Initial Compromise section. Got acquainted with [[https://github.com/dafthack/MailSniper|Mailsniper]]. (Reckon its utility is shrinking as OWA and Exchange install bases shrink.)

#hack100days Day 8. More time on #CRTO, finally got into the lab and worked on the Initial Compromise section. Got acquainted with [[https://github.com/dafthack/MailSniper|Mailsniper]]. (Reckon its utility is shrinking as OWA and Exchange install bases shrink.)

#hack100days Day 8. More time on #CRTO, finally got into the lab and worked on the Initial Compromise section. Got acquainted with [[https://github.com/dafthack/MailSniper|Mailsniper]]. (Reckon its utility is shrinking as OWA and Exchange install bases shrink.)

#hack100days Day 8. More time on #CRTO, finally got into the lab and worked on the Initial Compromise section. Got acquainted with [[https://github.com/dafthack/MailSniper|Mailsniper]]. (Reckon its utility is shrinking as OWA and Exchange install bases shrink.)

#hack100days Day 8. More time on #CRTO, finally got into the lab and worked on the Initial Compromise section. Got acquainted with [[https://github.com/dafthack/MailSniper|Mailsniper]]. (Reckon its utility is shrinking as OWA and Exchange install bases shrink.)

#hack100days Day 7. Spent more time on extending #CobaltStrike section of #CRTO. Grokking Aggressor Scripts are CS client extensions. Looked harder at Beacon Object Files, not sure if that's going to be important for the test, though. Found https://github.com/CCob/BOF.NET as a way to pull in some .Net, but it's not yet obvious to me how that works. Regardless. Must. Hit. The. Lab.

#hack100days Day 7. Spent more time on extending #CobaltStrike section of #CRTO. Grokking Aggressor Scripts are CS client extensions. Looked harder at Beacon Object Files, not sure if that's going to be important for the test, though. Found https://github.com/CCob/BOF.NET as a way to pull in some .Net, but it's not yet obvious to me how that works. Regardless. Must. Hit. The. Lab.

#hack100days Day 7. Spent more time on extending #CobaltStrike section of #CRTO. Grokking Aggressor Scripts are CS client extensions. Looked harder at Beacon Object Files, not sure if that's going to be important for the test, though. Found https://github.com/CCob/BOF.NET as a way to pull in some .Net, but it's not yet obvious to me how that works. Regardless. Must. Hit. The. Lab.

#hack100days Day 7. Spent more time on extending #CobaltStrike section of #CRTO. Grokking Aggressor Scripts are CS client extensions. Looked harder at Beacon Object Files, not sure if that's going to be important for the test, though. Found https://github.com/CCob/BOF.NET as a way to pull in some .Net, but it's not yet obvious to me how that works. Regardless. Must. Hit. The. Lab.

#hack100days Day 7. Spent more time on extending #CobaltStrike section of #CRTO. Grokking Aggressor Scripts are CS client extensions. Looked harder at Beacon Object Files, not sure if that's going to be important for the test, though. Found https://github.com/CCob/BOF.NET as a way to pull in some .Net, but it's not yet obvious to me how that works. Regardless. Must. Hit. The. Lab.

#hack100days Day 6. Revisited extending CS section. Definitely need to spend time with this stuff in the lab. Use of winapi could lead to trouble, so need to grok how to finesse that. Gotta hide from EDR.

#hack100days Day 6. Revisited extending CS section. Definitely need to spend time with this stuff in the lab. Use of winapi could lead to trouble, so need to grok how to finesse that. Gotta hide from EDR.