Overview A twitter post by Casey Smith (@subtee) inspired me to update a tool written by Andrew Chiles (@andrewchiles) and I a few years ago. During a Red Team engagement, it…
Read More
This post is intended as a quick reference guide to install Bloodhound on an Ubuntu system. This is heavily based on https://popped.io/setting-up-bloodhound-on-debian-jessie/ with a few tweaks. Install Ubuntu Install Ubuntu as…
This was heavily based on the work by Jeff Dimmock @bluescreenofjeff (Jeff, thanks for all your great work !!!) Creating a Cobalt Strike mod_rewrite .htacces file is easy, but I’m…
Overview This post is intended as a follow-on to Jeff Dimmock’s detailed write-up on creating communication profiles for Empire. Empire 1.6’s “DefaultProfile” setting for modifying C2 indicators doesn’t directly allow…
Overview During a Red Team engagement, performing detailed Situational Awareness (SA) or enumeration on initial and subsequent host compromises is vital. Every good pen-tester or red teamer has their list of go-to…
Overview Domain name selection is an important aspect of preparation for phishing scenarios, penetration tests, and especially Red Team engagements. It is increasingly common to be faced with web filtering in…
We’ve seen several great incoming agent/shell notification mechanisms for Metasploit and Empire recently and the utility of being notified when new shells appear is without question. This is especially true when conducting…
Web applications continue to be a valuable door for attackers to use to gain remote access to a network. If a web application is compromised, the webserver itself can be used...
Read More
Welcome to the Threat Express information security blog by the Red Team at MINIS LLC. The primary website remains http://minis.io, but this is our new platform for the release of security research, tools, and…