Tool Release: CB Bot
Today, I release CB Bot! CB Bot is a threat hunting and incident response web application framework to use with Carbon Black (CB) Defense. Not only will you be able to run commands
Jeffrey Chan
AWS, IAM Your Father (Part II - Defensive)
In Part I of this series, we talked a bit about AWS fundamentals and how to leverage exposed EC2 instances and AWS metadata to do whatever you want (of course, given proper permissions
AWS, IAM Your Father (Part I - Offensive)
The more I hear about Amazon Web Services (AWS), the more I feel we need to dive in it a bit. With everyone moving to "the cloud", it's important to understand how things
Do You Even Bitmap Cache, Bro?
It's been a while since I last wrote a blog post. I've been busy building cool stuff and hunting for evil, so now I'm back to writing blog posts. For a while, I have had folks ask me about RDP Bitmap Cache, so I decided to write one about it.
"Tracing" Malicious Downloads
In this blog post, I will be covering a very interesting artifact found in the Windows registry, which indicates whenever an executable (i.e. legitimate and illegitimate) attempted to establish a network connection to download files for the first time.
RDP Over Tor
Recently, I encountered a threat actor leveraging Tor to establish Remote Desktop Protocol (RDP) sessions from a victim system to an attacker-controlled server. In this blog post, we will cover the basics of proxying RDP traffic over TOR and how to set it up, with tips to avoid being detected.