redteam - ZeroSec - Adventures In Information Security

redteam

A collection of 21 posts

BYODC - Bring Your Own Domain Controller

redteam Featured

BYODC - Bring Your Own Domain Controller

BYODC or bring your own domain controller is a post-exploitation technique and another option for performing a DCSync in a more opsec safe manner.

Dark photo of lit balcony, glasgow at night

Multiple Paths to Compromise An Environment

Attack paths and compromising systems are something we, as attackers, thrive in. Many areas of system weakness can be attacked and leveraged to gain a foothold or an upper hand within an environment.

Moody photo of railway arches with graffiti

Azure Attack Paths: Common Findings and Fixes (Part 1)

This post will walk through various services within the Azure catalogue and look at potential attack paths.

Understanding Cobalt Strike Profiles - Updated for Cobalt Strike 4.6

redteam Featured

Understanding Cobalt Strike Profiles - Updated for Cobalt Strike 4.6

A deep dive into specifics around cobalt strike malleable c2 profiles and key information that is new in cobalt strike 4.6

Chasing the Silver Petit Potam to Domain Admin

redteam Featured

Chasing the Silver Petit Potam to Domain Admin

Exploiting Petit Potam in a different way to force some downgrade and protocol attacks.

Tunnelling For Offensive Security

redteam Featured

Tunnelling For Offensive Security

One thing that comes up a lot when it comes to red teaming, penetration testing and breaching a network is being able to proxy traffic into multiple environments.

AutoPoC - Validating the Lack of Validation in PoCs

honeypoc Featured

AutoPoC - Validating the Lack of Validation in PoCs

HoneyPoC was a project to look at how popular CVE PoCs could be. AutoPoC took that concept and enabled the mass creation of disinformation. Also, Data is beautiful.

ADExplorer Exporting Quick Tip

ADExplorer Exporting Quick Tip

Working with ADExplorer as a Red Teamer is really useful for seeing the whole domain in a single snapshot that can be looked at offline. There is minimal tooling out there for parsing ADExplorer or even exporting things and the closest I could find was ADEGrab [https://github.com/stufus/

Social Profiling - OSINT for Red/Blue

Social Profiling - OSINT for Red/Blue

One of the areas that I love when it comes to red/purple engagements is profiling organizations on LinkedIn and GitHub, looking for crucial information that can lead to more juicy enumeration.

Old but Gold - Attack and Defend the Sys Admins

redteam Featured

Old but Gold - Attack and Defend the Sys Admins

Older techniques used in a sysadmin space, weaponised for red teaming and how to detect them from a blue team perspective.

Paving The Way to DA - Complete Post (Pt 1,2 & 3)

redteam Featured

Paving The Way to DA - Complete Post (Pt 1,2 & 3)

As this series is a three part and dives into how to get domain admin in a windows estate using different techniques I found it useful to link them altogether in one flowing post, yes it is a straight pull of the other posts into one continuous post but it

Pass the Way to DA

Pass the Way to DA

Pass the X attacks originate from having a piece of information, in these examples this will be a hash, a set of credentials or a Kerberos ticket and then leveraging them for lateral movement throughout a network.

Certified Red Team Operator (CRTO) - Red Team Ops I Review

redteam Featured

Certified Red Team Operator (CRTO) - Red Team Ops I Review

TL;DR I passed! & The course was great!

ZeroLogon(CVE-2020-1472) - Attacking & Defending

ZeroLogon(CVE-2020-1472) - Attacking & Defending

A handy walkthrough of CVE-2020-1472 from both a red and blue team perspective, how to detect, patch and hack ZeroLogon

WTF is Rainbow Teaming?

redteam Featured

WTF is Rainbow Teaming?

Alternative Title: 50 Shades of Teams Red Team, Blue Team, Purple Team, Black Team… Rainbow team? What are all of these things and what do they all mean? Is this a new case of a new found buzzword bingo or do they have a place and a purpose? The coloured

Roasting your way to DA - Build-Break-Defend-Fix

redteam Featured

Roasting your way to DA - Build-Break-Defend-Fix

Dive into both Kerberoasting and ASREP Roasting, looking at how they work, how to introduce them into an environment and how to fix them or where possible monitor and defend against them.

Build, Attack, Defend, Fix – Paving the way to DA

Build, Attack, Defend, Fix – Paving the way to DA

While most of us in the world of offensive security love getting domain administrator (DA) when doing assessments. How many of you know how the issue occurs, how to defend against it and how to properly remediate it?

Mail Technologies(DKIM & DMARC) - Part 2

phishing Featured

Mail Technologies(DKIM & DMARC) - Part 2

Mail technologies(SPF, DKIM and DMARC) are important to understand from all sides. This post dives into DKIM and DMARC.

Mail Security - SPF - WTF

ltr101 Featured

Mail Security - SPF - WTF

Mail technologies(SPF, DKIM and DMARC) are important to understand from all sides.

So You Want to Learn [Red] Teaming?

redteam Featured

So You Want to Learn [Red] Teaming?

Red Teaming is something that takes a bit of experience to actually nail, it's not something you expect to walk into after doing a four year uni course or something to pick up with little to no actual security experience.

Bloodhound 2.2 - A Tool for Many Tradecrafts

redteam Featured

Bloodhound 2.2 - A Tool for Many Tradecrafts

Bloodhound is a tool for enumeration of an active directory environment. It maps out relationships between active directory objects and is useful for Pentesting and Red Teaming.