
: Day 2d : team server built. Target built. Tried out a payload and tried out a web attack. Had to turn off all the Defender capabilities to get it to go. Time to revisit weaponization video and notes to get more realistic. Also learned about pktmon (learn.microsoft.com/en-us/wind), which has an option to turn etl to pcapng!

: Day 1d : Holidays haze plans. Started building out lab. Teamserver stood up. Will finish standing up target host tomorrow and start puttering around the UI.

: day 7b : Watched some videos on YouTube, by Mudge. Thinking through and planning the Execution, Persistence, C2, and possibly Lateral Movement phases of an exercise. Keeping Exfiltration and Impact off the table for this one and putting Persistence and Lateral Movement on the "maybe" or the "secondary" list.

: day 6b : Finished reading Responsible Red Teaming. Noodled on threat models post-Initial Access via Rubber Ducky. &ck

: day 5b : Spent more time tinkering w/RubberDucky and started working on the next section of Responsible Red Teaming. Also conflab w/coworkers.

: Day 4b : Spent a little time looking at RubberDucky and did a simple test w/a . The bad usb capability looks very useful.

Finished yara rule section of Responsible Red Teaming and read through the C2 section. Itching to "lab it up"!

: Day 3b : Working on cleaning up notes from yesterday. Need to capture lesson learned from Friday, as well--when searching for vhosts using ffuf, check the http headers to see if "Host: FUZZ.${TARGET}" or "Host: FUZZ" is needed.

Also a note for , are you testing USB detective controls every now and then? My next test is going to be with a --if the tooling doesn't recognize it, gonna amp it up w/some BadUSB shenanigans.

: Day 2b : new release today. Needed a few nudges and learned about a newer feature in some tooling and about a tool that comes on Linux I hadn’t seen before.

: Day 1b : Fell off the wagon. Got back into it today. Hacked on machine cronos with a coworker. One of my tools let me down. Need to figure what that was about.

@JV3MJD Yeah, I don't think General Marshall would have been down with what these nitwits have been cooking up, either.

: Day31 : Today's advent cyber challenge is sorted. I don't *really* care much about "Web3.0". ::old man shakes fist at cloud:: But, it is good to at least have a high-level view of what's going on "out there". Not sure how I was *supposed* to get the flag, I just bash-ed at it until it made sense.

: Day 30 : Today's advent cyber challenge is sorted. Cyberchef is pretty slick. Outside the ctf, banged around in another SIEM-ish product exploring remote access behaviors. (Have *you* ever looked at RDP, ssh, vnc, telnet, etc. traffic in your network?)

: Day 29 : Today's advent cyber challenge is sorted. Outside of the ctf, spent some time getting re-acquainted with Splunk.

ath0 boosted

One of the best animated stories I've watched: Sita Sings the Blues
youtu.be/RzTg7YXuy34

: Day 28 : Today's advent cyber challenge is sorted. Didn't reckon hydra was really still a thing.

: Day 27 : Today's advent of cyber challenge is sorted. Nmap and smbclient are your friends. I've got a flipper zero now, so I'm poking around with that. Firmware is updated. Looking at a couple of alternative firmware options. Gonna try out some nfc and badge reading tomorrow.

@TessaForDemocracy I missed the part of the report suggesting motive. Is there another article connecting those dots?

@f3dUp73xan The first couple have not needed much time. I reckon they'll get harder. Start now!


ath0
