In this post, we look at what you’ll want to do after compromising an initial system - Lateral Movement. Using PowerShell Empire we identify targets, test for access, and move laterally with different methods.
In this third part of our series on command and control channels, you’re going to get into the meat of the functionality that PowerShell Empire has to offer: modules. Empire modules are typically external tools which have been ported into the platform to allow you to perform some powerful post exploitation tasks.
This post is part 2 of a series about command and control basics and getting started with PowerShell Empire. We discuss Empire listeners, launchers / stagers, and agents; all the pieces you’ll need to create a C2 channel on a compromised host.
Before diving into a new tool or technique, it’s important to understand the underlying technology. In this post we explain the basic principles of Command and Control traffic. Following posts will apply these principles with examples from PowerShell Empire.
Having visibility and control over your penetration testing lab environment is a key component in its effectiveness as a training and research tool. To provide this to our customers, we recently rolled out a lab dashboard application with deep hooks into the underlying AWS infrastructure of our lab environments.
Sharing passwords across privileged accounts is a problem faced by many organizations. We developed a tool to help address the issue that identifies shared passwords between lexically similar accounts: Invoke-PWAudit.
We explore some different data sources and methods for OSINT using entirely offline data. There are some interesting advantages (and disadvantages) of using offline OSINT…
While exploring some new OSINT data sources and techniques, we realized we had an easy way to identify an enormous number of domains that were vulnerable to takeover attacks.
Beef up the realism in your lab environment with simulated users. Invoke-UserSimulator mimicks active users in a corporate environment browsing the internet, mapping file shares, and opening email.
We recently worked with the Drexel's cyber security club in preparation for this years CCDC. They were able to test their strategy and practice in our lab, and we got some awesome feedback.
We’re proud to announce our brand new penetration testing lab offerings. Here’s what we’re all about.