BaffledJimmy
@BaffledJimmy
Scaling detection and response operations at Coinbase part 2 & 3: 🔍 Driving context into detection logic with machine and user profiles 🔧 Codifying automatic remediation for high-risk detections 📫 Automating alert triage with employees via Slackbot coinbase.com/blog/scaling-d…
I know it’s been a meme for a while, but my experience with EDR and other technical tooling is that they are essentially Cobalt Strike detectors. They’re focused so heavily on developing detections on certain product IOCs and not the actual TTPs being leveraged.
Had an idea to hide our links and payloads behind human facial validation AI. tommacdonald.co.uk/using-azure-ai…
Wrote up some notes on Puppet 101 and abusing Puppet across Linux / Windows. Comes with a Lab / Repo / POCs. tommacdonald.co.uk/abusing-puppet…
A bunch of nerds: Your code needs to be memory safe to move the industry forward Every CVE in 2024: if you add a funny character to this URL parameter you can execute commands as root
I'm going to release a realistic red teaming course where we just read Confluence, wikis, shares, and git repos all day and write reports for several hours at the end.
New features coming in #activedirectory? Say it ain't so!!!!: learn.microsoft.com/en-us/windows-…
I’ve just publicly released SQLRecon v3.3. This release includes many features that were used privately by the @xforcered Adversary Services team on real-world red team operations. Please share, enjoy, and use responsibly. Hmu if you have any questions! github.com/xforcered/SQLR…
Introducing ETWHash! ETWHash is a new method and tool by @lefterispan for consuming SMB events from Event Tracing for Windows (ETW) and extracting NetNTLMv2 hashes for cracking offline. labs.nettitude.com/blog/etwhash-h…
Once again, everyone doesn't need red teaming. Most of the complaints on here around the topic are people using red teaming in some capacity where they would benefit from other activities instead. That doesn't mean red teaming needs to be changed or modified.
In our latest research, @rbmaslen dives into the LastPass password manager mdsec.co.uk/2022/10/analys…
Hi @monoxgas, the SSL cert on the silentbreaksecurity domain has expired I think; HSTS stops browsing. :)
Two of the most seemingly obvious things have made the biggest improvements on how we red team here. Standardizing sharing of notes/techniques/etc in Obsidian and having consultants debrief the entire red and research teams after every engagement is complete.
In case you missed it, here are two diagrams and a table to help understand and abuse NTLM relay attacks 😃 (I could use some help to finish them and do some foolproofing, but they're already helpful as is imo)
Since every one is firing up the marketing machines it’s time to break out a classic. You’re going to want the checkpoint firewall this time around.
Hot off the production line, Nighthawk 0.1 is available for subscribers… check out our release post mdsec.co.uk/2021/12/nighth…
New blog post: how we created a phishing document signed by Microsoft - from Microsoft with love 😉 CVE-2021-28449 h/t @ptrpieter @OutflankNL outflank.nl/blog/2021/12/0…