Redteam on Zach Grace

Red Team Telemetry Part 1

Fri, 01 Jun 2018 00:00:00 +0000

After building and releasing PWNboard, I got some great feedback from many folks especially Vyrus (seriously thanks!). Vyrus gave me a little insight into what he and the National CCDC team were prepping which made me realize they were leagues ahead of PWNboard. But it served as pure inspiration.

I started thinking about Red Ream Telemetry (RTT) beyond CCDC, what lengths could one take it to and how could I use telemetry to convey impact and insights on red team engagements. A few ideas came to mind almost immediately, have better insight into red team operations and have a log of all actions taken against a target/organization help the blue team improve their defenses.

CCDC Red Team PWNboard

Sun, 04 Mar 2018 00:00:00 +0000

I built an operations tool for our Midwest CCDC Red Team called PWNboard. Our biggest challenge in these competitions is that we’re in a virtual environment where teams can revert the machines at any point and essentially kill our access. So monitoring the checkins and backdoors is essential to maintaining access for the duration of the event. And that’s why I made PWNboard, an operational board that monitors our implants and backdoors. As Tim MalcomVetter put it, it’s offensive inventory management.

Hybrid Cobalt Strike Redirectors

Tue, 20 Feb 2018 00:00:00 +0000

Working for an organization with a strict data security policy puts a few challenges on a Red Team, especially when it comes to building robust infrastructure. m0ther_ and I set out to build a robust, multi-redirector infrastructure similar to what Raphael Mudge described in his blog post, Cloud-based Redirectors for Distributed Hacking, except we wanted to host the team server on-prem. The post below describes two iterations of infrastructure we built to meet our needs.