• info@obscuritylabs.com
  • +1(877)421-0822
xamin
  • Home
  • Services
    • Training Portal
    • Red Teaming and Penetration Testing
    • Secure Software Development and Systems Engineering
  • Industries
    • Federal Services
  • Our Company
    • About Us
    • Contact us
    • Careers
  • Our Projects
    • Rapid Attack Infrastructure (RAI)
    • PeFixup
    • HastySeries
    • Open Source – Common Findings DataBase (OS-CFDB)
  • Blog
Meet Us

Author: Alexander Rymdeko-Harvey

  1. Home
  2. Articles posted by : Alexander Rymdeko-Harvey
  • Open Source
  • Reporting
  • Security Assessments
  • Posted on March 27, 2019

OS-CFDB – Future of Vulnerability, Red Team and Pen-Testing Reporting

I always tell my team the caliber of their reporting lies within every step of engagement, not the end. The actuality is reporting is the only thing our clients and fellow security teams receive as a final product.

Read More
  • Agents
  • CobaltStrike
  • Infrastructure
  • Posted on February 23, 2019

Installing CobaltStrike on Ubuntu 18.04

We have found good success using Ubuntu and have moved the recent LTS 18.04.

Read More
  • AFL
  • Fuzzing
  • Software Testing
  • Posted on October 26, 2018

Docker + AFL: Effective, scalable reproducible fuzzing

Fuzzing is an art of its own, and finding perfection is rough. It takes applicable targets, time and more time.

Read More
  • Phishing
  • Security Assessments
  • Posted on July 9, 2018

Cross-Platform VPN Persistence(and phishing!) with Viscosity

Both the Windows and OSX Versions of Viscosity include scripting support, which can execute commands upon three different triggers.

Read More
  • Agent Development
  • Agents
  • Posted on January 25, 2018

Revisiting IsDebuggerPresent( Covertly)

Recently I got an itch to revisit some necessary sandbox and anti-reversing techniques. While these often are overlooked for Red Teamers, they can play a valuable part in what you code branches too in the event of a debugger or VM.

Read More
  • Agents
  • CobaltStrike
  • DevOps
  • Docker
  • Infrastructure
  • Security Assessments
  • Posted on December 24, 2017

Docker Your Command & Control (C2)

Package and ship your CobaltStrike & Empire Instances with Docker.

Read More
  • Application Security Assessment
  • xss
  • Posted on December 1, 2017

Cross-Site Phishing

Cross-Site Scripting is a type of injection attack that allows an attacker to manipulate user input that dynamically is displayed on the page in order to write and have the browser render malicious HTML tags.

Read More
  • Open Source
  • Phishing
  • Security Assessments
  • Posted on November 28, 2017

THE {PHISHING} {PATH} TO {INFO} WE MISSED

TL;DR: InfoPath is a fantastic way to run custom C# code, and we missed it as an attack vector sadly. At the moment it has been deprecated, but don’t fret it’s still everywhere!

Read More
  • Malware
  • shadowbrokers
  • Posted on November 20, 2017

EsteemAudit, A Breakdown & Walk-through

As we all know EsteemAudit(EA) was one of the many tools released by the shadowbrokers. It targets the RDP service on XP and Server 2003 systems. This is done by exploiting the gpkcsp.dll of the Windows Smart Card.

Read More
  • Malware
  • shadowbrokers
  • Posted on November 13, 2017

Match Made In The Shadows: Part [3]

At this point of the post, I assume you have set up a full environment from Part [2] post here and operational implant. Today we will be covering using FuzzBunch (FB) for exploitation, and launching a PeddleCheap implant on the target host.

Read More
  • 1
  • 2
  • Next page

Recent Posts

  • OS-CFDB – Future of Vulnerability, Red Team and Pen-Testing Reporting
  • Installing CobaltStrike on Ubuntu 18.04
  • Docker + AFL: Effective, scalable reproducible fuzzing
  • Cross-Platform VPN Persistence(and phishing!) with Viscosity
  • Revisiting IsDebuggerPresent( Covertly)

Recent Comments

    Archives

    • March 2019
    • February 2019
    • October 2018
    • July 2018
    • January 2018
    • December 2017
    • November 2017

    Categories

    • AFL
    • Agent Development
    • Agents
    • Application Security Assessment
    • CobaltStrike
    • DevOps
    • Docker
    • Fuzzing
    • Infrastructure
    • Malware
    • Open Source
    • Phishing
    • Reporting
    • Security Assessments
    • shadowbrokers
    • Software Testing
    • xss

    Meta

    • Log in
    • Entries feed
    • Comments feed
    • WordPress.org

    Recent Post

      • March 27, 2019
      OS-CFDB – Future of Vulnerability, Red Team and Pen-Testing Reporting
      • February 23, 2019
      Installing CobaltStrike on Ubuntu 18.04
      • October 26, 2018
      Docker + AFL: Effective, scalable reproducible fuzzing

    Categories

    • AFL 1
    • Agent Development 1
    • Agents 3
    • Application Security Assessment 1
    • CobaltStrike 2
    • DevOps 1
    • Docker 1
    • Fuzzing 1
    • Infrastructure 2
    • Malware 4
    • Open Source 2
    • Phishing 2
    • Reporting 1
    • Security Assessments 4
    • shadowbrokers 4
    • Software Testing 1
    • xss 1

    Keep up with Obscurity Labs and get instant news once in a while. We promise, no spam or similar emails!

    Menu

    • Careers

    Federal Codes

    CAGE: 81R22
    DUNS: 081070044
    – VETERAN OWNED
    – SMALL-BUSINESS

    Contact us

    • +1(877)421-0822
    • info@obscuritylabs.com
    • 44921 George Washington Blvd, Suite 150, Ashburn, VA 20147
    Copyright 2019 Obscurity Labs LLC All Rights Reserved.