5 Ways We Get On Your Network: Phishing

Posted on October 19th, 2016

From penetration testing to real-world attacks, phishing remains an extremely effective way to establish a foothold in a target organization. This blog post is a follow-on to “5 Ways We Get On Your Network” with a closer look at phishing and its various techniques. Phishing is essentially sending a malicious email to […]

5 Ways We Get On Your Network

Posted on October 14th, 2016

This will be the first blog post in a series designed to demonstrate how we commonly establish a foothold in a target network. Each blog post will dive into one of these common techniques at a deeper level, showing some practical application and defenses. The goal of this series is to help educate those who […]
Tracking Domains w/o Blowing Up Your SIEM

Posted on October 5th, 2016

A common practice in SOCs is to periodically resolve known hostile domains to identify changes in adversarial infrastructure. There are a variety of approaches to help you track hostile infrastructure, but your mileage may vary. If your monitoring capabilities are tuned to look for specific domains, you may end up adding a significant number of […]
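The practice described above, resolving a hostile-domain list on a schedule and only acting on what changed, as an added example that is not the original post's code. The two snapshots are constructed (hypothetical `.invalid` domains and RFC 5737 documentation addresses) and stand in for the output of two scheduled resolution runs; the functions diff them so that only new or retired IPs, not the whole list, ever reach the SIEM.

```python
"""Track changes in the resolution of known-hostile domains without
pushing every resolved IP into the SIEM on every run.

Added example; not code from the original post. PREVIOUS and CURRENT are
constructed snapshots (hypothetical domains, RFC 5737 addresses) of what a
scheduled resolver job recorded on two consecutive runs.
"""

# Constructed: yesterday's and today's A-record sets per tracked domain.
PREVIOUS = {
    "bad-example.invalid":    {"192.0.2.10"},
    "other-example.invalid":  {"192.0.2.10", "198.51.100.7"},
    "parked-example.invalid": {"203.0.113.5"},
}
CURRENT = {
    "bad-example.invalid":    {"192.0.2.10", "198.51.100.44"},
    "other-example.invalid":  {"198.51.100.7"},
    "parked-example.invalid": {"203.0.113.5"},
    "new-example.invalid":    {"198.51.100.44"},
}


def diff_resolutions(previous, current):
    """Return {domain: {"added": set, "removed": set}} for domains whose
    resolutions changed between two runs. Domains that resolved to the
    same addresses both times are omitted, so a static list of IPs never
    turns into a fresh batch of indicators on every run."""
    changes = {}
    for domain in set(previous) | set(current):
        old = previous.get(domain, set())
        new = current.get(domain, set())
        if old != new:
            changes[domain] = {"added": new - old, "removed": old - new}
    return changes


def shared_new_ips(changes):
    """IPs that newly appear under more than one tracked domain. Several
    hostile domains moving onto one new address at once is a stronger
    signal of new shared adversary infrastructure than any single change,
    and is the kind of event worth an alert rather than a log line."""
    seen = {}
    for domain, delta in changes.items():
        for ip in delta["added"]:
            seen.setdefault(ip, set()).add(domain)
    return {ip: domains for ip, domains in seen.items() if len(domains) > 1}


def live_ips(current):
    """The watchlist worth keeping in the SIEM right now: addresses from
    the current run only, so retired IPs are dropped instead of piling up
    as stale indicators."""
    return set().union(*current.values()) if current else set()


if __name__ == "__main__":
    changes = diff_resolutions(PREVIOUS, CURRENT)
    for domain, delta in sorted(changes.items()):
        print(domain, "added:", sorted(delta["added"]),
              "removed:", sorted(delta["removed"]))
    print("shared new infrastructure:", shared_new_ips(changes))
    print("current watchlist size:", len(live_ips(CURRENT)))
```

In a real job the snapshots come from a resolver rather than literals; the diff logic is the part that keeps the indicator count bounded, because the SIEM only sees the delta and the current watchlist, never the cumulative history of every address each domain has ever pointed at.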

RVAsec 2016: Beyond Automated Testing

Posted on June 3rd, 2016

RVAsec is the first Richmond, Virginia, security convention to bring top speakers to the Mid-Atlantic region. The conference was held on Thursday, June 2nd and Friday, June 3rd, 2016 at the Commonwealth Ballroom at VCU’s University Commons. Beyond Automated Testing – By Zack Meyers and Andrew McNicol Have you ever run a vulnerability scan and thought […]

Using Python to Decrypt Dispind.A and Helminth HTTP Beacons

Posted on May 30th, 2016

Microsoft’s Windows Defender Advanced Threat Hunting Team and Palo Alto’s Unit 42 recently published some great technical write-ups that detail targeted attacks, PLATINUM and OilRig, respectively. The reports are great because they provide some actionable intelligence for network defenders to detect malicious activity. The reports also go into great detail about how the attackers […]

ImageMagick Undocumented Feature – RCE (CVE-2016-3714)

Posted on May 9th, 2016

Overview: This past week a very interesting vulnerability (CVE-2016-3714) came out affecting ImageMagick – software used to convert, edit, and manipulate images. The main attack vectors for the vulnerability are going to be web applications that leverage the software for image modification. Now the software package adds some additional functionality for us attackers #RCE 🙂 […]
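The attack vector named above is a web application that hands user-supplied files to ImageMagick. An added example (not code from the original post) of the input check such an application should make: ImageMagick picks a decoder from the file's content rather than its extension, so a text file in a scripted format such as MVG that arrives as `avatar.jpg` is still parsed as MVG. Requiring the first bytes to match the raster format the application actually expects closes that path before ImageMagick ever sees the file. The sample inputs are constructed.

```python
"""Reject uploads whose content is not the raster image they claim to be,
before the file is passed to ImageMagick.

Added example; not code from the original post. The sample inputs at the
bottom are constructed: a minimal PNG header and a text file in MVG
syntax that would be submitted under a .jpg name.
"""

# Magic prefixes of the raster formats an image upload should contain.
MAGIC = {
    "png":  [b"\x89PNG\r\n\x1a\n"],
    "jpeg": [b"\xff\xd8\xff"],
    "gif":  [b"GIF87a", b"GIF89a"],
}

# Extension spellings the application accepts, normalised to MAGIC keys.
EXT_ALIASES = {"jpg": "jpeg"}


def sniff_image_type(data: bytes):
    """Return 'png', 'jpeg' or 'gif' from the leading bytes, or None when
    the header matches none of the expected raster formats. Text-based
    ImageMagick inputs (MVG, SVG, MSL) never match, whatever their name."""
    for kind, prefixes in MAGIC.items():
        if any(data.startswith(p) for p in prefixes):
            return kind
    return None


def is_safe_upload(data: bytes, claimed_ext: str) -> bool:
    """Accept only when the sniffed content type exists and agrees with
    the extension the client supplied. A mismatch (a real PNG named .jpg)
    is rejected too: the goal is to never let ImageMagick decide the
    format on its own from an attacker-controlled body."""
    ext = claimed_ext.lower().lstrip(".")
    ext = EXT_ALIASES.get(ext, ext)
    detected = sniff_image_type(data)
    return detected is not None and detected == ext


# Constructed samples.
PNG_HEADER = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
JPEG_HEADER = b"\xff\xd8\xff\xe0" + b"\x00" * 12
MVG_TEXT = b"push graphic-context\nviewbox 0 0 640 480\npop graphic-context\n"

if __name__ == "__main__":
    for name, data in [("avatar.png", PNG_HEADER),
                       ("avatar.jpg", JPEG_HEADER),
                       ("avatar.jpg", MVG_TEXT)]:
        ext = name.rsplit(".", 1)[-1]
        print(name, "->", sniff_image_type(data), "accepted" if is_safe_upload(data, ext) else "rejected")
```

This check is only the first layer: the header can be validated and the rest of the file still be hostile, so it belongs alongside ImageMagick's own `policy.xml`, where the coders the application does not need (the vendor guidance at the time listed `EPHEMERAL`, `URL`, `HTTPS`, `MVG` and `MSL`) are given `rights="none"` so a file that slips past the sniff still cannot reach them.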