Cybersecurity and IT Services

We collaborate with public and private sector clients to solve their most difficult security challenges.

fancy-list

Red Teaming and Penetration Testing

Our team is experienced at performing all the phases of a red team operation to mimic the capabilities and mindset of today’s dynamic, advanced persistent threat (APT). Our team performs penetration testing in many different capacities depending on the scope and requirements. Our flexible testing services quickly uncovers and confirms critical vulnerabilities.

  • Custom Capability Development
  • Enterprise/Cloud/Web App/IoT/ICS
  • APT TTPs
Read More
fancy-list

Secure Software Development and Systems Engineering

Our team has extensive experience in DevOps, orchestration, and a variety of coding languages. We are experienced in architecting, designing, and building complex cloud and on-premise solutions.

  • Agile, CI/CD, & DevOps
  • Python, JavaScript, Java, C, C++, C#, Go, SQL, and more
  • AWS, Azure, GCP, VMware, ESXI, KVM, QEMU, Docker, LXC, Kubernetes, OpenShift, and more!
Read More
fancy-list

Cybersecurity Training

Train your cybersecurity team to secure and defend your enterprise. Our flagship SOC Immersion Training (SIT) embeds our offensive operators inside a virtual lab environment alongside your SOC analysts to enhance your team’s operational skills and improve their ability to prevent, detect, and respond to specific threat actor TTPs. We also offer Cyber Threat Emulation (CTE) training and much more!

  • Custom Cyber Range
  • World Class Instructors
  • Measurable KPIs
Read More
drive02 drive02
About us

Cybersecurity is our passion

At Obscurity Labs, we pride ourselves in our unique ability to integrate
comprehensive strategy and cutting-edge security into any information
environment. Within the ever-evolving world of information
technology, your organization must take a proactive and holistic
approach to information security operations.

With Obscurity Labs on your team, your organization will be equipped with comprehensive experience in implementing an infrastructure and technology-agnostic approach that integrates real-world attacker tradecraft, security assessments, and training.

  • 100% [Cyber] Veteran Owned
  • Small Business
Read More
Download PDF
Cloud & Infrastructure Engineering

Infrastructure Engineering Is NO Longer Simple.

Global cloud adoption has risen to the top of how continuous integration, DevOps, and software is built today. Obscurity Labs is focusing on becoming subject matter experts for this growing space.

57%
AWS
34%
Azure
15%
Google Cloud
8%
IBM
tecbox
tecbox
tecbox
Cloud Providers
tecbox
tecbox
tecbox
Backend
tecbox
tecbox
tecbox
Front End
Trusted

Our Customers Get Results

Obscurity Labs has had the privilege to work with leading organizations in a variety of industries.

Blog

Recent Blog

blogimage0

OS-CFDB - Future of Vulnerability, Red Team and Pen-Testing Reporting

I always tell my team the caliber of their reporting lies within every step of engagement, not the end. The actuality is reporting is the only thing our clients and fellow security teams receive as a final product.

Read More
blogimage1

Installing CobaltStrike on Ubuntu 18.04

We have found good success using Ubuntu and have moved the recent LTS 18.04.

Read More
blogimage2

Docker + AFL: Effective, scalable reproducible fuzzing

Fuzzing is an art of its own, and finding perfection is rough. It takes applicable targets, time and more time.

Read More
blogimage3

Cross-Platform VPN Persistence(and phishing!) with Viscosity

Both the Windows and OSX Versions of Viscosity include scripting support, which can execute commands upon three different triggers.

Read More
blogimage4

Revisiting IsDebuggerPresent( Covertly)

Recently I got an itch to revisit some necessary sandbox and anti-reversing techniques. While these often are overlooked for Red Teamers, they can play a valuable part in what you code branches too in the event of a debugger or VM.

Read More
blogimage5

Docker Your Command & Control (C2)

Package and ship your CobaltStrike & Empire Instances with Docker.

Read More
blogimage6

Cross-Site Phishing

Cross-Site Scripting is a type of injection attack that allows an attacker to manipulate user input that dynamically is displayed on the page in order to write and have the browser render malicious HTML tags.

Read More
blogimage7

THE {PHISHING} {PATH} TO {INFO} WE MISSED

TL;DR: InfoPath is a fantastic way to run custom C# code, and we missed it as an attack vector sadly. At the moment it has been deprecated, but don't fret it's still everywhere!

Read More
blogimage8

EsteemAudit, A Breakdown & Walk-through

As we all know EsteemAudit(EA) was one of the many tools released by the shadowbrokers. It targets the RDP service on XP and Server 2003 systems. This is done by exploiting the gpkcsp.dll of the Windows Smart Card.

Read More
blogimage9

Match Made In The Shadows: Part [3]

At this point of the post, I assume you have set up a full environment from Part [2] post here and operational implant. Today we will be covering using FuzzBunch (FB) for exploitation, and launching a PeddleCheap implant on the target host.

Read More
drive02 drive02