
Presentations by the Threatexpress Authors

The following is a list of presentations by the authors on Threatexpress

20231218 - Joe Vest - From Aspiring Herbalist To Red Teamer | A Conversation With Joe Vest | The Hacker Factory With Phillip Wylie

Link: https://www.youtube.com/watch?v=wzt5OaXndxk

Description: This episode of the Hacker Factory podcast features Joe Vest discussing his diverse career journey in IT and security, highlighting his experiences in red teaming, the critical importance of understanding business context and communication skills in security testing, and offering advice for aspiring red teamers to build strong technical foundations and develop a passion for continuous learning


20210921 - SiegeCast "COBALT STRIKE BASICS" with Tim Medin and Joe Vest

Link: https://www.youtube.com/watch?v=OtM6iegGYAQ

Description: Tim Medin and Joe Vest explain that Cobalt Strike is a robust, extensible command and control framework utilized for threat-based security testing across red, blue, and purple teams, offering capabilities such as malleable C2, in-memory execution, lateral movement, and various kits for customization, emphasizing the importance of focusing on detecting attacker techniques rather than just the tool itself, alongside critical considerations for operational security (opsec) and C2 infrastructure design.


20210821 - WWHF | Why We Red Team : The Real Value of Threat Emulation

Link: https://www.youtube.com/watch?v=XE9JZOC-SCE

Description: Joe Vest discusses event logistics and the significance of network segmentation against threats like ransomware, and introduces upcoming red team content, highlighting the focus of his talk on the real value of threat-based engagements for improving security operations.


20210728 - Joe Vest - Red Team 101: Offensive Security with Joe Vest | 401 Access Denied Podcast Ep. 33

Link: https://www.youtube.com/watch?v=kfqQRJF-dQQ

Description: Red teaming discussion on the 401 Access Denied Podcast


20210715 - Joe Vest - CredBandit - Part 1 - Tool review of an in memory minidump BOF

Link: https://www.youtube.com/watch?v=WV34uVMxKZk

Description: CredBandit is a Beacon Object File that performs in-memory minidumps of processes like LSASS using x64 syscalls and a clever hijacking of Beacon's communication channels to transfer the base64-encoded data back to the team server for credential extraction with tools like Mimikatz, all without writing the dump to disk.


20210711 - Joe Vest - Beacon Health Status Indicator

Link: https://www.youtube.com/watch?v=97mCumYTo7Y

Description: The "Beacon Health Status Indicator" is an Aggressor script that enhances Cobalt Strike beacon management by tracking sleep and jitter times to calculate expected return times and visually indicate the health status of beacons as healthy, paused (disconnected SMB), in the process of dying (caution), or dead (not returned twice the expected time).


20250622 - Joe Vest - Automate Cobalt Strike with Services

Link: https://www.youtube.com/watch?v=COPVWKqUVj8

Description: How to automate the setup and management of a Cobalt Strike command and control infrastructure using scripting for deploying components like redirectors, the team server, and listeners as Linux services, ultimately improving efficiency and enabling rapid deployment with custom C2 profiles and automated payload generation


20210301 - Joe Vest - DCP Podcast Episode 4

Link: https://www.youtube.com/watch?v=-Ro-8ap7QRw

Description: The DCP Podcast episode features Joe Vest discussing how red teaming or threat emulation is a crucial element of detection and response, emphasizing the collaborative relationship between red and blue teams for enhancing defensive capabilities through shared technical understanding and the simulation of realistic threats.


20200623 - Joe Vest - Professional Red Teaming with Joe Vest Test Guild Podcast

Link: https://www.youtube.com/watch?v=4IQKF-uokAc

Description: Discussion on professional red teaming as a goal-oriented practice that emulates real-world threats using defined tactics, techniques, and procedures to evaluate and improve an organization's overall security posture by testing their people, processes, and technologies, emphasizing operational readiness and response capabilities beyond just identifying vulnerabilities or attack paths.


20200509 - Joe Vest - Red Team Discussion with Joe Vest | DailyCyber 225

Link: https://www.youtube.com/watch?v=rKUuxGYlVSs

Description: Joe Vest discusses his extensive IT and security career leading to co-authoring "Red Team Development and Operations," emphasizing that effective security, particularly red teaming, requires not only technical expertise but also a deep understanding of business needs and strong communication skills, advocating for a goal-oriented approach to security testing that focuses on improving an organization's detection and response capabilities and recommending that those entering the field build a robust foundation in IT fundamentals and continuously pursue learning.


20171020 - Hiding Binaries with Joe Vest and Andrew Chiles, MINIS - Paul's Security Weekly #534

Link: https://www.youtube.com/watch?v=z1z0-BseUBo

Description: Joe Vest and Andrew Chiles from MINIS introduce their PowerShell tool, MetaTwin, which copies metadata and authentic code signatures from legitimate Windows binaries to malicious payloads like Beacon, demonstrating how this technique can help red teams "flavor their threats" to potentially evade detection by analysts and some security tools by blending in and mimicking trusted files, although the underlying functionality of the malicious payload remains unchanged.


20160206 - Web shells as a covert channel Joe Vest - Bsides Huntsville

Link: https://www.youtube.com/watch?v=7eGFbZGEXJo

Description: Joe Vest discusses webshells as server-side code for covert remote access, highlighting the limitations and detectability of basic shells and introducing his custom Python-based tools, Subshell and Tiny Shell, designed to minimize their footprint and evade detection through techniques like post requests, HTTP header manipulation, and encoding, ultimately aiming for long-term, quiet backdoors for post-exploitation activities.


20140820 - 15 IT Security Myths How you are helping your enemy Joe Vest - TakedownCon 2014

Link: https://www.youtube.com/watch?v=huZvh8ZLgqU

Description: Presenting security 'myths' that cause poor decisions and weaken cybersecurity.