You are here

blog.flanker017.me
forensicitguy.github.io
4.3 parsecs away

In this post I want to take a look at a PowerShell-based Cobalt Strike beacon that appeared on MalwareBazaar. This particular beacon is representative of most PowerShell Cobalt Strike activity I see in the wild during my day job. The beacons often show up as service persistence during incidents or during other post-exploitation activity. If you want to follow along at home, the sample I'm using is here:

andrewroderos.com
0.9 parsecs away

In this blog post, you will learn how to escalate from a command shell to a Meterpreter shell using PowerShell Empire and Metasploit.

taeluralexis.com
1.6 parsecs away

We'll target a network comprising 3 machines, leveraging CVE exploits, pivoting, code obfuscation techniques, and AV bypass strategies.

lobsterpot.com.au
28.3 parsecs away

I don't like to write about client situations, but this one seemed worth mentioning for the sake of other people experiencing the same thing, so I asked my client for permission and they agreed. Following an on-prem server reboot, anything that tried to connect to SQL Server on that server, using Windows Authentication, was getting [...]