SMBExec: Red Side Analysis (Part 2)

STACKTITAN's Alex Mason is back with part II in this tradecraft series. This time around he demonstrates modifying SMBExec to bypass various detections.…

SMBExec: Red Side Analysis (Part 1)

Ride along as Alex Mason from STACKTITAN shares tradecraft of analyzing offensive toolchains to identify detection opportunities in part one of this blog series.…

Security on a Budget

Following the completion of all our penetration tests and assessments, we take time to review the findings and the deliverable with our customers. During this review, we almost always get asked the following: Of all the vulnerabilities you identified, which ones would you mitigate first? We're a small team and…

LOG4J: Vulnerability Detection and Remediation

Get to the Point: This is short and sweet because the info is out there, and we just want to direct people to the collective, without the "jump to the recipe" bloat. We are not going to reiterate what has already been provided numerous times elsewhere on the interwebs. What…

Learn the Blue to Improve the Red (Part 2)

The only way to get better at offense is to understand the obstacles one may encounter. Learn how to navigate system log data to use it to your advantage. This second post will introduce the reader to ELK and Sysmon along with procedures to deploy these technologies within their own lab environment.…