BaffledJimmy

@SEKTOR7net Thanks for the shoutout dude 👍🏻👍🏻 it's MacDonald but all good 😝)

Meshed networking for C2 comms. A thorough considerations of how to reshape implant communications using meshed networking approach during red team exercises. A great post by Tom McDonald. Source: tommacdonald.co.uk/ideas-for-mesh… #redteam #blueteam #maldev

Can we have better implant comms please? Some ideas for different options and design ideas. tommacdonald.co.uk/ideas-for-mesh… Woo Claude etc.

@HackingLZ 👀

👀 tommacdonald.co.uk/what-can-red-t…

Wrote some bumph on why cyber/red teaming needs to get better at learning from outside cyber. tommacdonald.co.uk/what-can-red-t…

Had an idea to hide our links and payloads behind human facial validation AI. tommacdonald.co.uk/using-azure-ai…

@domchell Haha yeh I have a funny story about that 😂

@BaffledJimmy Been waiting 5 years for your next post mate...

Wrote up some notes on Puppet 101 and abusing Puppet across Linux / Windows. Comes with a Lab / Repo / POCs. tommacdonald.co.uk/abusing-puppet…

@anthemtotheego @chvancooten @MarcOverIP @capt_red_beardz Would you record it and release it as a webinar or similar instead?

@chvancooten @MarcOverIP @capt_red_beardz Nice! Our talk focused on team R&D. From tracking of operational/tooling gaps, prioritization, standards, automation, focused team efforts, etc. Basically how you do the most important part of red teaming… work as a team.

Seeing these posts on R&D and its place in red teaming really makes me wish @capt_red_beardz and my talk on this very subject got accepted. There’s a ton to unpack here and a lot of lessons learned. I can’t overstate the importance of R&D as the industry moves forward.

A bunch of nerds: Your code needs to be memory safe to move the industry forward Every CVE in 2024: if you add a funny character to this URL parameter you can execute commands as root

@domchell @assume_breach @__invictus_ Nessus down socks just takes so long these days.....

@assume_breach @__invictus_ It doesn't 🙃

With this season of Hell's Kitchen being over, I thought I would do a follow up to my post based on some of the feedback I got. I won't do another one. Next Level Chef starts this week. link.medium.com/o6xG0vaBOGb

@domchell @sardaukar_77 @anthemtotheego @Jhaddix @HackingLZ Exactly this ^ TI reports are often against tiny orgs or massive lumbering orgs with crappy EDR and politics. RT is often in the echo chamber in the middle :)

I mean, the majority of TTPs we see in threat intel reports would not be successful against any average maturity org. The reason we hear about them is because they got detected. I don't believe they are representative of the TTPs used by any Expert adversary (where Expert is defined by STIX). Putting aside the cred stuffing type stuff (which again I think most average maturity clients have got handled), I challenge anyone to try replaying the TTPs in the CISA reports against CrowdStrike, SentinelOne, MDE or any of the other major EDRs and see how far they get.

Watching people's responses to offensive testing getting more challenging year over year when that is the entire point is entertaining. The idea of git clone pwn fading and the realization there are ongoing investments in R&D or acquiring paid tooling isn’t easy. It was always about raising the bar.

@HackingLZ Most red team people have no clue on how to build enterprise cyber resiliency at scale. They believe bypassing EDR is the be all and end all. It's an enabling action. Most clients treat RT as point in time activities rather than 'how _could_ this play out'.

What infosec opinion(please no OST😂) has you like this?

I'm going to release a realistic red teaming course where we just read Confluence, wikis, shares, and git repos all day and write reports for several hours at the end.

New features coming in #activedirectory? Say it ain't so!!!!: learn.microsoft.com/en-us/windows-…

Scaling detection and response operations at Coinbase part 2 & 3: 🔍 Driving context into detection logic with machine and user profiles 🔧 Codifying automatic remediation for high-risk detections 📫 Automating alert triage with employees via Slackbot coinbase.com/blog/scaling-d…

@zeropointsecltd If you do CRTO you are about 500% over prepared for CCSAS 🤣.

Friendly reminder that ZPS is the only approved training provider for CCSAS. If you're going after your certification, make sure to check out RTO as part of your learning journey. training.zeropointsecurity.co.uk/courses/red-te…

I’ve just publicly released SQLRecon v3.3. This release includes many features that were used privately by the @xforcered Adversary Services team on real-world red team operations. Please share, enjoy, and use responsibility. Hmu if you have any questions! github.com/xforcered/SQLR…

Introducing ETWHash! ETWHash is a new method and tool by @lefterispan for consuming SMB events from Event Tracing for Windows (ETW) and extracting NetNTLMv2 hashes for cracking offline. labs.nettitude.com/blog/etwhash-h…

@__invictus_ @HackingLZ One eye looking for enemy in depth 🤣

@HackingLZ I'll only use this if they make it so one eye is looking at the camera whilst the other is looking away

Yea I definitely need to use this 100% chance it will freak people out on team calls 😂

@_xpn_ @chompie1337 Pics or | out!

@chompie1337 Fuck I’ve got all of my fingers done and back of my hands being done this year… guess it’s these kinds of companies we wouldn’t wanna work at anyway :/

wow. as someone with full sleeves, I’ve thought about how tattoos would affect my employment exactly 0 times. cuz u know it’s 2023