#hack100days Day 16. Watched Alh4zr3d's stream of taking a crack at TryHackMe's Red Team Capstone. #RedTeam #GetSmart
#hack100days Day 15, delayed. At a cybersecurity happy hour last night, spent some time brainstorming some techniques for "multiplexing" C2 or exfil. Runs the risk of re-implementing techniques from an app using UDP to cover dropped payloads, which runs the risk of beacon bloat. Fun thought experiment. #RedTeam
#hack100days Day 14. Slacked a bit over the weekend. Read up on PowerShell, its relationship w/C#/.NET. Found some references to using C# to run PowerShell. Looked at msbuild.exe. I had a tab open talking about 'psattack', but the links to the GitHub page resulted in a 404. It looks like one could write a wrapper in C# that can call PowerShell w/out going through powershell.exe. Seems interesting. (Doing this because I didn't have enough time to bang around in CRTO lab.) #RedTeam #LOLBAS #PowerShell
#hack100days Day 13. Busy day. Saw @securestep9 toot about #BugBountyTips that had this link: https://medium.com/@imshewale/complete-bug-bounty-recon-fundamentals-f283dee5c370 Checked it out and it has an extensive list of tools! So, reviewed that. Ran across a lot of familiar things and saw some new things, so that's useful.
#hack100days Day 12. Spent some time on personal lab. Trying out Windows and UTM on MacBook Pro M2. Working on PowerShell version of ICMP exfil. #RedTeam
#hack100days Day 11. Compared and contrasted some "AI"s and their ability to generate code. Tested and confirmed some python3/scapy can send ICMP with a payload. Going to explore that some more tomorrow, along with a PowerShell version. Test will be using it as an exfiltration channel. #RedTeam
#hack100days Day 10. Back to #CRTO and the lab. More initial compromise and some host enumeration. #RedTeam #CobaltStrike
#hack100days Day 9. Got caught up on security newsletters. Pre-ordered a copy of Evading EDR from No Starch Press by Matt Hand (https://nostarch.com/evading-edr).
#hack100days Day 8. More time on #CRTO, finally got into the lab and worked on the Initial Compromise section. Got acquainted with MailSniper (https://github.com/dafthack/MailSniper). (Reckon its utility is shrinking as OWA and Exchange install bases shrink.)
#hack100days Day 7. Spent more time on extending #CobaltStrike section of #CRTO. Grokking that Aggressor Scripts are CS client extensions. Looked harder at Beacon Object Files, not sure if that's going to be important for the test, though. Found https://github.com/CCob/BOF.NET as a way to pull in some .NET, but it's not yet obvious to me how that works. Regardless. Must. Hit. The. Lab.