I Solemnly Swear I Am Up To No Good. Introducing the Marauders Map

This blogpost will be a bit different, as it's going to tell a bit of a story... In this blogpost I want to achieve 2 objectives: address a question I keep hearing and seeing pop up in my DM every now and then, "how do I become a red teamer/ how do I become a … Continue reading I Solemnly Swear I Am Up To No Good. Introducing the Marauders Map

Tap tap… is this thing on? Creating a notification-service for Cobalt-Strike

Ever needed a notifier when a new beacon checks in? Don't want to keep checking your Cobalt-Strike server every 5 minutes in the hopes of a new callback? We got you covered! Introducing the notification-service aggressor script available athttps://github.com/NVISOsecurity/blogposts/tree/master/cobalt-strike-notifier If the above image resonates with you, you'll know that the point between sending out your … Continue reading Tap tap… is this thing on? Creating a notification-service for Cobalt-Strike

NVISO and QuoIntelligence Announce Strategic Cooperation

We are pleased to announce that we have created a unique approach with QuoIntelligence GmbH in responding to the TIBER-EU testing. Using our approach, we combine both passive threat intelligence gathering and active offensive red team testing as one seamless experience while remaining independent from each other.   The TIBER-EU Framework, More Critical Now Than Ever  … Continue reading NVISO and QuoIntelligence Announce Strategic Cooperation

MITRE ATT&CK turned purple – Part 1: Hijack execution flow

The MITRE ATT&CK framework is probably the most well-known framework in terms of adversary emulation and by extent, red teaming.It features numerous TTPs (Tactics, Techniques, and Procedures) and maps them to threat actors. Being familiar with this framework is not only benefiting the red team operations but the blue team operations as well! To create … Continue reading MITRE ATT&CK turned purple – Part 1: Hijack execution flow

Unmanaged file searching with Filesearcher.exe

During our red team engagements, we are often reliant on a command and control infrastructure. Typically these infrastructures are capable of loading .NET assemblies in memory, which gave me the idea of coding a filesearcher assembly. This was partially invented because of a CTF event I was participating in which had me hunting several file … Continue reading Unmanaged file searching with Filesearcher.exe

What’s in a name? Thoughts on Red Team nomenclature

In my previous post, I promised to expand on the distinction between adversary emulation, adversary simulation, red teaming, and purple teaming, or at least how I tried to distinguish these terms in a way that made sense to me Emulation and simulation; I've heard both terms used interchangeably to refer to the same type of … Continue reading What’s in a name? Thoughts on Red Team nomenclature