Recent Blog Posts

cslogwatch: Cobalt Strike Log Tracking, Parsing & Storage

cslogwatch is a tool designed to help Cobalt Strike users get a handle on the logs generated by the tool. While we can certainly spend our time grepping for data across a myriad of beacon session log files, wouldn’t it be nice if we had a tool that could reliably track Cobalt Strike log files for changes, parse the entries, and then store them in a database or return them in some kind of structured fashion?

Stealthy Targeted Implant Loaders Addendum

A few weeks ago I published a blog post titled Stealthy & Targeted Implant Loaders. There are a couple of caveats to the aforementioned points that I would like to address in this brief addendum, in addition to introducing a few new ideas. On-Target Analysis In the last post we discussed a number of target-specific conditions that can be used as cryptographic key material input. The result of these conditions is a payload that will successfully decrypt only on the intended target(s).

Recent Walkthroughs

Hack the Box Walkthrough: Resolute

Overview This post provides a walkthrough of the Resolute system on Hack The Box. This walkthrough, in its entirety, is a spoiler. I create these walkthroughs as documentation for myself while working through a system; excuse any brevity or lack of formality. I’ve uploaded this walkthrough to help those that may be stuck. Service Enumeration To kick things off, we start with some service discovery to figure out what is actually running on this box.

Hack the Box Walkthrough: Nest

Overview This post provides a walkthrough of the Nest system on Hack The Box. This walkthrough, in its entirety, is a spoiler. I create these walkthroughs as documentation for myself while working through a system; excuse any brevity or lack of formality. I’ve uploaded this walkthrough to help those that may be stuck. Service Enumeration To kick things off, we start with some service discovery to figure out what is actually running on this box.