#hack100days : day 10d : Banged around with #cobaltstrike some more today. Put my wrapper testing for userid and hostname around a call to get a payload and those bits worked--after disabling the protections on the target box. Need to troubleshoot my flags on pktmon to get that working right. Downloaded the arsenal scripts and next action will be to take that apart to understand. Must. Figure. Out. Obfuscation. #redteam #infosec #cososec

#hack100days : day 9d : Little thin today. Threat modelling galore. Some time at an #infosec meetup talking to a peer re: #cobaltstrike and #redteam #operations. Good to have a sounding board! #cososec

#hack100days : Day 8d : Watched more of Red Team Operations with #cobaltstrike from Raphael Mudge. Finished Initial Access and watched Post Exploitation. Likely going to need to watch that last one again. Some of the info is beyond what I've had to work with before. Malleable C2 profiles may take some time to get good at. #redteam #infosec #cososec

#hack100days: Day 7d : Kept chipping away at #hackthebox new release broscience. Good challenge for #webappsec testing. Recognized an #owasp top 10 vulnerability, but I needed a nudge on how to get ZAP to help me exploit it--Replacer, ftw. Still have some enumeration to do to figure out initial access. Incremental progress is still progress... #infosec #sharpenthesaw

@ketchup9080 Thank you, I'll keep that in mind. I may not get back to it until Thursday.

#hack100days: Day 7d : Kept chipping away at #hackthebox new release broscience. Good challenge for #webappsec testing. Recognized an #owasp top 10 vulnerability, but I needed a nudge on how to get ZAP to help me exploit it--Replacer, ftw. Still have some enumeration to do to figure out initial access. Incremental progress is still progress... #infosec #sharpenthesaw #cososec

#hack100days: Day 6d: Continued working on #hackthebox new release bioscience. Went down some enumeration rabbit holes. Found some usernames. Still need to figure out initial access. #infosec #cososec

#hack100days: Day 5d : Worked on #hackthebox new release broscience. #infosec #cososec (Went to a basketball game today, which took a lot of time. M-I-Z!)

@InvaderGzim Not really. There's a video series on YouTube: https://www.youtube.com/playlist?list=PL9HO6M_MU2nfQ4kHSCzAQMqxQxH47d1no by the guy who started it. There is also this cert that features CS: https://training.zeropointsecurity.co.uk/courses/red-team-ops One day. #cobaltstrike #redteam #infosec

#hack100days : Day 4d : Today's efforts on this were thin. Took a stab at using #ChatGPT to write a draft of my script and it's going to be a good place to start. #infosec #cososec

#cosomusic Digging this De La Soul song, Fallin': https://open.spotify.com/track/5H1KBkH6YC1qo8RXlLDeuw

#hack100days : Day 3d : More work on target box. Sorted out how to use pktmon and re-learned Hyper-V checkpoints. Next action, w/protections off, write a script to test for user, target box. If pass, then set pktmon filter and start pcap, call back to teamserver for payload, and ???. Else, call to a web listener w/a "I'm not in the right place" message. Once that works, start working on payload obfuscation to get to a point where I can turn protections back on. #lab #redteam #infosec #cososec

@JoyfullyDazed If 8 more Rs do that or vote "Present", then I think Jeffries wins.

@JoyfullyDazed Looks like Ken Buck (CO) didn't vote, according to NYT website.

@BlueStateBabe Goetz

@th3j35t3r Twenty of them, most certainly. They're full on subscribers of Goldwater's theory "government should be small enough to drown in a bucket."

Have the #clownshow on in the background. Hadn't noticed before, facing the podium, Dems are on the left and the GQP is on the right. Was that by design?

@th3j35t3r The BadUSB functionality has been an eye opener, along w/the frequency analyzer.