redteam Featured BYODC - Bring Your Own Domain Controller BYODC or bring your own domain controller is a post-exploitation technique and another option for performing a DCSync in a more opsec safe manner.
redteam Multiple Paths to Compromise An Environment Attack paths and compromising systems are something we, as attackers, thrive in. Many areas of system weakness can be attacked and leveraged to gain a foothold or an upper hand within an environment.
ZTH ZTH-CH4: Hook & Sling - Phishing For Gold To this date, phishing is one of the most prevalent first stages of entry to an organisation, a lot of threat actors
automation Featured HoneyPoC is Dead - Long Live Disinformation This short blog post explains what each tool does and overviews the use/reason for the release. Release of AutoPoC and SandboxSpy.
carhacking Free Audi MMI Maps and Speedcams Update 2022/2023 Update Audi Maps and Speedcams for free; files and steps are included for Maps 2022/2023. All without the need for OBDeleven or VCDS. This process will work for other VAG cars too not just Audi.
azure Featured Azure Attack Paths: Common Findings and Fixes (Part 1) This post will walk through various services within the Azure catalogue and look at potential attack paths.
redteam Featured Understanding Cobalt Strike Profiles - Updated for Cobalt Strike 4.6 A deep dive into specifics around cobalt strike malleable c2 profiles and key information that is new in cobalt strike 4.6
redteam Featured Chasing the Silver Petit Potam to Domain Admin Exploiting Petit Potam in a different way to force some downgrade and protocol attacks.
A Minor Update - No Blog Posts for a While! Readers of ZSEC and my Twitter feed, A quick message/explanation. I have published my last two blog posts for a while as I am working on my second book; LTR102 [https://leanpub.com/LTR102-Expanding-Your-Security-Horizons] which is almost complete but as I write a lot on a fortnightly basis there
2021 - Looking Back on a Great Year I have made it somewhat of a tradition to look back at the previous 12 months in a blog post on the last day of the year or last week of the year. Both from a professional perspective and personal life. Acting as a timeline, look back at my technical
redteam Featured Tunnelling For Offensive Security One thing that comes up a lot when it comes to red teaming, penetration testing and breaching a network is being able to proxy traffic into multiple environments.
honeypoc Featured AutoPoC - Validating the Lack of Validation in PoCs HoneyPoC was a project to look at how popular CVE PoCs could be. AutoPoC took that concept and enabled the mass creation of disinformation. Also, Data is beautiful.
ltr101 Featured LTR102 - Teaser I started writing LTR102 a while ago but have decided to release a teaser chapter of the new book for free for folks to check out and feedback on. This is the introduction and chapter 1.
redteam ADExplorer Exporting Quick Tip Working with ADExplorer as a Red Teamer is really useful for seeing the whole domain in a single snapshot that can be looked at offline. There is minimal tooling out there for parsing ADExplorer or even exporting things and the closest I could find was ADEGrab [https://github.com/stufus/
Featured Some of the [Many] Problems with Security Skills Some of the problems with Security/Infosec/Insert whatever you want to call this industry here and the discussion around skills shortage plus realisation that the expectation vs reality on both sides of the fence needs to be reaffirmed.
blueteam Featured Locking Down SSH - The Right Way A little guide for locking down a VPS or similar to ensure your SSH connection is as secure as can be.
redteam Social Profiling - OSINT for Red/Blue One of the areas that I love when it comes to red/purple engagements is profiling organizations on LinkedIn and GitHub, looking for crucial information that can lead to more juicy enumeration.
redteam Featured Old but Gold - Attack and Defend the Sys Admins Older techniques used in a sysadmin space, weaponised for red teaming and how to detect them from a blue team perspective.
redteam Featured Paving The Way to DA - Complete Post (Pt 1,2 & 3) As this series is a three part and dives into how to get domain admin in a windows estate using different techniques I found it useful to link them altogether in one flowing post, yes it is a straight pull of the other posts into one continuous post but it
bugbounty Reviving and Refactoring DNS Enum I have been using Lepus for a number of years as it is one of the better subdomain enumeration tools. I integrated some of the lessons learned from DNS Queue [https://github.com/zephrfish/dns-parallel-prober] and added additional functionality to a project that had not been updated in over 2
redteam Pass the Way to DA Pass the X attacks originate from having a piece of information, in these examples this will be a hash, a set of credentials or a Kerberos ticket and then leveraging them for lateral movement throughout a network.
redteam Featured Certified Red Team Operator (CRTO) - Red Team Ops I Review TL;DR I passed! & The course was great!
review 2020 - A year of Ups and Downs This year has been interesting to say the least, a lot has happened and it has been full of great moments but equally upsetting and downer moments.
blueteam Learning The [Defence] Ropes 101 - Splunk Setup & Config As an attacker I come across Splunk a lot but I've never deployed it. This blog post will deep dive into deploying it and querying the back end!
My First 2020 [NonTroll] CVE - DLL Hijacking in NVIDIA System Management Interface (SMI) NVIDIA System Management Interface is vulnerable to DLL search order hijacking whereby an attacker can leverage execution to establish persistence on a machine using a malicious DLL file.
![Some of the [Many] Problems with Security Skills](https://images.unsplash.com/photo-1533836084038-f72ebbc71338?ixlib=rb-1.2.1&q=80&fm=jpg&crop=entropy&cs=tinysrgb&fit=max&ixid=eyJhcHBfaWQiOjExNzczfQ&w=600)
![Learning The [Defence] Ropes 101 - Splunk Setup & Config](https://images.unsplash.com/photo-1603027940516-e44aa6510e02?ixlib=rb-1.2.1&q=80&fm=jpg&crop=entropy&cs=tinysrgb&fit=max&ixid=eyJhcHBfaWQiOjExNzczfQ&w=600)
![My First 2020 [NonTroll] CVE - DLL Hijacking in NVIDIA System Management Interface (SMI)](/content/images/size/w600/2020/09/banner.png)