WSH Injection: A Case Study

At BSides Nashville 2017, Casey Smith (@SubTee) and I gave a talk titled Windows Operating System Archaeology…

UMCI vs Internet Explorer: Exploring CVE-2017–8625

BlackHat USA 2017/DEF CON 25 Roundup

It was a whirlwind week in the infosec community at “Hacker Summer Camp,” and many great talks, tools, and projects were unleashed at BlackHat 2017 and DEF CON 25. Here are some of my favorites from last week in Las Vegas.

Attack Infrastructure Log Aggregation and Monitoring

Randomized Malleable C2 Profiles Made Easy

Malleable Command and Control (C2) profiles provide red teamers and penetration testers with a wealth of options to modify how Cobalt Strike both appears on the wire and on the compromised host. Malleable C2 can be used to impersonate actual threat actors…

The PowerView PowerUsage Series #2

This is the second post in my “PowerView PowerUsage” series. The original post contains a constantly updated list of the entire series. This post will follow the same scenario/solution/explanation format, and is definitely a bit simpler than the first post.