Reflecting on a Year with Fortra and Next Steps for Outflank
#outflank
When we debuted OST back in 2021, we wrote a blog detailing both the product features and the rationale for investing time into this toolset. In 2022, we joined forces with Fortra and we can hardly believe it’s been over a year already. It was a big decision to go from being a small team of red teamers to becoming part of a large company, but we’re very pleased with the switch. In this reflection on the past 12 months, we want to provide an update on our mission, detail our continued dedication to OST, discuss the process of growing the Outflank community, and touch on where we’re headed next.
A Product Oriented Focus
One of our biggest challenges when we joined Fortra was the decision to put most of our energy into Outflank Security Tooling (OST).
via Outflank Blog (author: Marc Smeets)
#outflank
When we debuted OST back in 2021, we wrote a blog detailing both the product features and the rationale for investing time into this toolset. In 2022, we joined forces with Fortra and we can hardly believe it’s been over a year already. It was a big decision to go from being a small team of red teamers to becoming part of a large company, but we’re very pleased with the switch. In this reflection on the past 12 months, we want to provide an update on our mission, detail our continued dedication to OST, discuss the process of growing the Outflank community, and touch on where we’re headed next.
A Product Oriented Focus
One of our biggest challenges when we joined Fortra was the decision to put most of our energy into Outflank Security Tooling (OST).
via Outflank Blog (author: Marc Smeets)
Lateral Movement without Lateral Movement (Brought to you by ConfigMgr)
#specterops
via SpecterOps Team Medium (author: Diego lomellini)
#specterops
via SpecterOps Team Medium (author: Diego lomellini)
Medium
Lateral Movement without Lateral Movement (Brought to you by ConfigMgr)
Introduction
Abusing Slack for Offensive Operations: Part 2
#specterops
via SpecterOps Team Medium (author: Matt Creel)
#specterops
via SpecterOps Team Medium (author: Matt Creel)
Medium
Abusing Slack for Offensive Operations: Part 2
When I first started diving into offensive Slack access, one of the best public resources I found was a blog post by Cody Thomas from back…
Forwarded from road to OSCP
Introducing Bambdas
#portswigger
You've might have heard of Lambdas. But have you heard of Bambdas? They're a unique new way to customize Burp Suite directly from the UI, using only small snippets of Java. Changing the face of Burp Suite
via PortSwigger Blog
#portswigger
You've might have heard of Lambdas. But have you heard of Bambdas? They're a unique new way to customize Burp Suite directly from the UI, using only small snippets of Java. Changing the face of Burp Suite
via PortSwigger Blog
Merlin’s Evolution: Multi-Operator CLI and Peer-to-Peer Magic
#specterops
via SpecterOps Team Medium (author: Russel Van Tuyl)
#specterops
via SpecterOps Team Medium (author: Russel Van Tuyl)
Medium
Merlin’s Evolution: Multi-Operator CLI and Peer-to-Peer Magic
Over the past year, I’ve been working on making significant updates to Merlin in my free time. Today, I’m ready to release version 2 of…
Magento Template Engine, a story of CVE-2022-24086
#synacktiv
via Synacktiv Blog (author: Antoine Gicquel)
#synacktiv
via Synacktiv Blog (author: Antoine Gicquel)
Mythic v3.2 Highlights: Interactive Tasking, Push C2, and Dynamic File Browser
#specterops
via SpecterOps Team Medium (author: Cody Thomas)
#specterops
via SpecterOps Team Medium (author: Cody Thomas)
Medium
Mythic v3.2 Highlights: Interactive Tasking, Push C2, and Dynamic File Browser
New UI and quality of life updates!
It's Turtles All The Way Down
#objectivesee
Yet more ransomware targeting macOS! In this post we analyze the newly discovered "Turtle" ransomware and provide both a decryptor and a method to procactively thwart it.
via Objective-See Blog
#objectivesee
Yet more ransomware targeting macOS! In this post we analyze the newly discovered "Turtle" ransomware and provide both a decryptor and a method to procactively thwart it.
via Objective-See Blog
The SOCKS We Have at Home
#trustedsec
When performing penetration tests, we sometimes find that the systems or data we are targeting are not directly accessible from the network our attacking system is connected to. This is often the case when…
via TrustedSec Blog (author: Esteban Rodriguez)
#trustedsec
When performing penetration tests, we sometimes find that the systems or data we are targeting are not directly accessible from the network our attacking system is connected to. This is often the case when…
via TrustedSec Blog (author: Esteban Rodriguez)
Blind CSS Exfiltration: exfiltrate unknown web pages
#portswigger
This is a gif of the exfiltration process (We've increased the speed so you're not waiting around for 1 minute). Read on to discover how this works... Why would we want to do blind CSS exfiltration? I
via PortSwigger Research
#portswigger
This is a gif of the exfiltration process (We've increased the speed so you're not waiting around for 1 minute). Read on to discover how this works... Why would we want to do blind CSS exfiltration? I
via PortSwigger Research
Using ntdissector to extract secrets from ADAM NTDS files
#synacktiv
via Synacktiv Blog (author: Julien Legras)
#synacktiv
via Synacktiv Blog (author: Julien Legras)
Finding that one weird endpoint, with Bambdas
#portswigger
Security research involves a lot of failure. It's a perpetual balancing act between taking small steps with a predictable but boring outcome, and trying out wild concepts that are so crazy they might
via PortSwigger Research
#portswigger
Security research involves a lot of failure. It's a perpetual balancing act between taking small steps with a predictable but boring outcome, and trying out wild concepts that are so crazy they might
via PortSwigger Research
The future of Bambdas
#portswigger
Bambdas, a unique new way to customize Burp Suite on the fly with small snippets of code, were first introduced in the form of a custom filter for the Proxy HTTP history. This is just the first of man
via PortSwigger Blog
#portswigger
Bambdas, a unique new way to customize Burp Suite on the fly with small snippets of code, were first introduced in the form of a custom filter for the Proxy HTTP history. This is just the first of man
via PortSwigger Blog
Unmasking Business Email Compromise: Safeguarding Organizations in the Digital Age
#trustedsec
Business Email Compromises (BEC) within the Microsoft 365 environment are a large threat with nearly $500 Million reported in stolen funds in 2022[1]. Attackers are targeting both company and personal email accounts.…
via TrustedSec Blog (author: Steven Erwin)
#trustedsec
Business Email Compromises (BEC) within the Microsoft 365 environment are a large threat with nearly $500 Million reported in stolen funds in 2022[1]. Attackers are targeting both company and personal email accounts.…
via TrustedSec Blog (author: Steven Erwin)