• info@obscuritylabs.com
  • +1(877)421-0822
xamin
  • Home
  • Services
    • Training Portal
    • Red Teaming and Penetration Testing
    • Secure Software Development and Systems Engineering
  • Industries
    • Federal Services
  • Our Company
    • About Us
    • Contact us
    • Careers
  • Our Projects
    • Rapid Attack Infrastructure (RAI)
    • PeFixup
    • HastySeries
    • Open Source – Common Findings DataBase (OS-CFDB)
  • Blog
Meet Us

Year: 2017

  1. Home
  2. 2017
  • Agents
  • CobaltStrike
  • DevOps
  • Docker
  • Infrastructure
  • Security Assessments
  • Posted on December 24, 2017

Docker Your Command & Control (C2)

Package and ship your CobaltStrike & Empire Instances with Docker.

Read More
  • Application Security Assessment
  • xss
  • Posted on December 1, 2017

Cross-Site Phishing

Cross-Site Scripting is a type of injection attack that allows an attacker to manipulate user input that dynamically is displayed on the page in order to write and have the browser render malicious HTML tags.

Read More
  • Open Source
  • Phishing
  • Security Assessments
  • Posted on November 28, 2017

THE {PHISHING} {PATH} TO {INFO} WE MISSED

TL;DR: InfoPath is a fantastic way to run custom C# code, and we missed it as an attack vector sadly. At the moment it has been deprecated, but don’t fret it’s still everywhere!

Read More
  • Malware
  • shadowbrokers
  • Posted on November 20, 2017

EsteemAudit, A Breakdown & Walk-through

As we all know EsteemAudit(EA) was one of the many tools released by the shadowbrokers. It targets the RDP service on XP and Server 2003 systems. This is done by exploiting the gpkcsp.dll of the Windows Smart Card.

Read More
  • Malware
  • shadowbrokers
  • Posted on November 13, 2017

Match Made In The Shadows: Part [3]

At this point of the post, I assume you have set up a full environment from Part [2] post here and operational implant. Today we will be covering using FuzzBunch (FB) for exploitation, and launching a PeddleCheap implant on the target host.

Read More
  • Malware
  • shadowbrokers
  • Posted on November 9, 2017

Match Made In The Shadows: Part [2]

At this point of the post, I assume you have set up a full environment from Part [1] post here. Today we will be covering using FuzzBunch (FB) for exploitation, and the tradecraft considerations they took in the design and what it says about the prowess of this actor.

Read More
  • Malware
  • shadowbrokers
  • Posted on November 5, 2017

Match Made In The Shadows: Part [1]

Not too long ago the security community was rocked with yet another leak from the #ShadowBrokers[1]; causing an impact worldwide with point and click Domain Admin vulnerabilities.

Read More

Recent Posts

  • OS-CFDB – Future of Vulnerability, Red Team and Pen-Testing Reporting
  • Installing CobaltStrike on Ubuntu 18.04
  • Docker + AFL: Effective, scalable reproducible fuzzing
  • Cross-Platform VPN Persistence(and phishing!) with Viscosity
  • Revisiting IsDebuggerPresent( Covertly)

Recent Comments

    Archives

    • March 2019
    • February 2019
    • October 2018
    • July 2018
    • January 2018
    • December 2017
    • November 2017

    Categories

    • AFL
    • Agent Development
    • Agents
    • Application Security Assessment
    • CobaltStrike
    • DevOps
    • Docker
    • Fuzzing
    • Infrastructure
    • Malware
    • Open Source
    • Phishing
    • Reporting
    • Security Assessments
    • shadowbrokers
    • Software Testing
    • xss

    Meta

    • Log in
    • Entries feed
    • Comments feed
    • WordPress.org

    Recent Post

      • March 27, 2019
      OS-CFDB – Future of Vulnerability, Red Team and Pen-Testing Reporting
      • February 23, 2019
      Installing CobaltStrike on Ubuntu 18.04
      • October 26, 2018
      Docker + AFL: Effective, scalable reproducible fuzzing

    Categories

    • AFL 1
    • Agent Development 1
    • Agents 3
    • Application Security Assessment 1
    • CobaltStrike 2
    • DevOps 1
    • Docker 1
    • Fuzzing 1
    • Infrastructure 2
    • Malware 4
    • Open Source 2
    • Phishing 2
    • Reporting 1
    • Security Assessments 4
    • shadowbrokers 4
    • Software Testing 1
    • xss 1

    Keep up with Obscurity Labs and get instant news once in a while. We promise, no spam or similar emails!

    Menu

    • Careers

    Federal Codes

    CAGE: 81R22
    DUNS: 081070044
    – VETERAN OWNED
    – SMALL-BUSINESS

    Contact us

    • +1(877)421-0822
    • info@obscuritylabs.com
    • 44921 George Washington Blvd, Suite 150, Ashburn, VA 20147
    Copyright 2019 Obscurity Labs LLC All Rights Reserved.