Alternative Execution: A Macro Saga (part 4)
Thanks for returning to the “Alternative Execution: A Macro Saga” series! ( Here’s part 1, part 2, and part 3) It’s been a busy past few months, and I had […]
Red Team
Alternative Execution: A Macro Saga (part 3)
In the last few blogs in this series (part 1 & part 2) we worked through scenarios making use of the ActiveX controls InkPicture and WMPlayer to trigger macro execution. […]
Alternative Execution: A Macro Saga (part 2)
In the previous blog in this series, we worked through a scenario making use of the ActiveX control InkPicture to trigger macro execution. Macro execution utilizing the InkPicture object can […]
Alternative Execution: A Macro Saga (part 1)
This is the first in a series of blogs – if you’re interested in reading the full series the links are here: part 1, part 2, part 3, part 4, […]
DotNetToJScript – Redux
In my previous several blog posts (here, here, and here) we covered usage of a really interesting tool released about three years ago: the DotNetToJScript project (https://github.com/tyranid/DotNetToJScript). Although it’s been […]
Advanced TTPs – DotNetToJScript – Part 3
In our last blog we walked through modifying the UnmanagedPowerShell project to produce a version of PowerShellRunner that’s compatible with DotNetToJScript. The end goal in that blog was to execute […]
Advanced TTPs – DotNetToJScript – Part 2
Last time we went through an overview of the awesome DotNetToJScript project, and why you should be interested in it for your Red/Purple Team testing. In this blog we’ll cover […]
Advanced TTPs – DotNetToJScript (Part 1)
About three years ago Google Project Zero’s researcher James Forshaw released the excellent DotNetToJScript project (https://github.com/tyranid/DotNetToJScript). If you’re not familiar, it introduced an interesting method to reflectively load a .NET […]
Tales From The Red Team: Deploying Kali in Containers in Your Cloud
This is a story from one of our more recent Red Team engagements and what we did after gaining access to the target client’s environment. We breached the client’s perimeter […]
Tales From The Red Team: What the Heck is Virgo?
Our Red Team engagements generally start out as technical as possible. We start with OSINT and some light perimeter scanning to identify both human and technical targets, but we only […]