Cybersecurity and IT Services
We collaborate with public and private sector clients to solve their most difficult security challenges.

Red Teaming and Penetration Testing
Our team is experienced at performing all the phases of a red team operation to mimic the capabilities and mindset of today’s dynamic, advanced persistent threat (APT). Our team performs penetration testing in many different capacities depending on the scope and requirements. Our flexible testing services quickly uncovers and confirms critical vulnerabilities.
- Custom Capability Development
- Enterprise/Cloud/Web App/IoT/ICS
- APT TTPs

Secure Software Development and Systems Engineering
Our team has extensive experience in DevOps, orchestration, and a variety of coding languages. We are experienced in architecting, designing, and building complex cloud and on-premise solutions.
- Agile, CI/CD, & DevOps
- Python, JavaScript, Java, C, C++, C#, Go, SQL, and more
- AWS, Azure, GCP, VMware, ESXI, KVM, QEMU, Docker, LXC, Kubernetes, OpenShift, and more!

Cybersecurity Training
Train your cybersecurity team to secure and defend your enterprise. Our flagship SOC Immersion Training (SIT) embeds our offensive operators inside a virtual lab environment alongside your SOC analysts to enhance your team’s operational skills and improve their ability to prevent, detect, and respond to specific threat actor TTPs. We also offer Cyber Threat Emulation (CTE) training and much more!
- Custom Cyber Range
- World Class Instructors
- Measurable KPIs








Cybersecurity is our passion
At Obscurity Labs, we pride ourselves in our unique ability to integrate
comprehensive strategy and cutting-edge security into any information
environment. Within the ever-evolving world of information
technology, your organization must take a proactive and holistic
approach to information security operations.
With Obscurity Labs on your team, your organization will be equipped with comprehensive experience in implementing an infrastructure and technology-agnostic approach that integrates real-world attacker tradecraft, security assessments, and training.
- 100% [Cyber] Veteran Owned
- Small Business
Infrastructure Engineering Is NO Longer Simple.
Global cloud adoption has risen to the top of how continuous integration, DevOps, and software is built today. Obscurity Labs is focusing on becoming subject matter experts for this growing space.
AWS
Azure
Google Cloud
IBM






Cloud Providers






Backend






Front End
Our Customers Get Results
Obscurity Labs has had the privilege to work with leading organizations in a variety of industries.












Recent Blog
I always tell my team the caliber of their reporting lies within every step of engagement, not the end. The actuality is reporting is the only thing our clients and fellow security teams receive as a final product.
We have found good success using Ubuntu and have moved the recent LTS 18.04.
Fuzzing is an art of its own, and finding perfection is rough. It takes applicable targets, time and more time.
Both the Windows and OSX Versions of Viscosity include scripting support, which can execute commands upon three different triggers.
Recently I got an itch to revisit some necessary sandbox and anti-reversing techniques. While these often are overlooked for Red Teamers, they can play a valuable part in what you code branches too in the event of a debugger or VM.
Package and ship your CobaltStrike & Empire Instances with Docker.
Cross-Site Scripting is a type of injection attack that allows an attacker to manipulate user input that dynamically is displayed on the page in order to write and have the browser render malicious HTML tags.
TL;DR: InfoPath is a fantastic way to run custom C# code, and we missed it as an attack vector sadly. At the moment it has been deprecated, but don't fret it's still everywhere!
As we all know EsteemAudit(EA) was one of the many tools released by the shadowbrokers. It targets the RDP service on XP and Server 2003 systems. This is done by exploiting the gpkcsp.dll of the Windows Smart Card.
At this point of the post, I assume you have set up a full environment from Part [2] post here and operational implant. Today we will be covering using FuzzBunch (FB) for exploitation, and launching a PeddleCheap implant on the target host.









