Praetorian's public release of our Metasploit automation of MITRE ATT&CK™ TTPs - praetorian-inc/purple-team-attack-automation

Using the Service Control Manager and built-in services for lateral movement.

WMImplant is a powerful PowerShell based tool that enables its users to conduct nearly any post-exploitation action and exclusively using WMI to do so. We’ve blogged about out-of-the-box detection opportunities for WMImplant, how to copy files, searching…

Introduction Ok, I have a confession to make, I have always been somewhat intrigued by egghunters. That doesn't mean that I like to use (or abuse) an egghunter just because I fancy what it does. In fact, I believe it's a good practise to try to avoid egghunters…

Learn more about how to safeguard your company through our educational blog posts on everything from updated tech to the newest scams infiltrating organizations today.

Zone transfers are a classical way of performing reconnaissance in networks (or even from the internet). They require an insecurely configured DNS server that allows anonymous users to transfer all records and gather information about host in the network.…

The first in the new series of streams! We're building a .NET Meterpreter implementation from scratch. In this stream, we're just going over what's…

In this post we will discuss the design and implementation of peer-to-peer command and control protocols in general, as well as the…

Deploying Covenant

Code injection, evasion

This document summarizes a presentation on malicious payloads using PowerShell. It discusses how attackers often use PowerShell due to its native Windows capabilities and offensive tradecraft possibilities. The presentation provides examples of PowerShell…

The following story is your opportunity to pretend you’re going up against a world-class security program’s defenses. You get to decide…

Breach: From recon to penetrating the perimeter, to actions on target.

Contribute to Pickfordmatt/SharpLocker development by creating an account on GitHub.