“/ blue teams - functionality - add / remove / modify features and capabilities as the team requires the red team infrastructure wiki is a great example and resource of this exact concept. you can read more at https://github.com/bluscreenofjeff/red-team-infrastructure…”
T1572 Protocol Tunneling
73%
“and tcp for dns beacons and evil dns things you may need - cobalt strike team server port (50050) - our custom ssh port (7654) save the rules and then apply them to your droplets. you can either select droplets by name or by tag and add the firewall rules to all of them. very…”
T1071.001 Web Protocols
73%
“is you can automatically receive emails and connect the alerts into a slack channel. any new performance alerts will be sent your specified slack channel. conclusion this script is in its early phase and i hope to develop a framework with some killer automation features. for now,…”
T1583.001 Domains
72%
“how to build a c2 infrastructure with digital ocean – part 1 lee kagan* // advisory: the techniques and tools referenced within this blog post may be outdated and do not apply to current situations. however, there is…”
T1588.002 Tool
69%
“for redblack security’s rogue team specializing in threat and adversary emulation in toronto, canada. lee’s focus on the team and in practice is offensive infrastructure support, post-exploitation of windows and active directory environments, powershell and c# weaponizatio…”
T1572 Protocol Tunneling
57%
“cnc3”. going forward i will be demonstrating the rest of our deployment on “cnc1” for the sake of time but the process will be identical to the others. the droplets should take a short moment to be created. once they are live, ssh in using the root account and the ssh key you …”
T1071 Application Layer Protocol
35%
“will then copy over the custom sshd configuration file it ships with but this is entirely optional to your preferences. simply comment this out if you do not wish for this to happen. the firewall rules i demonstrated in the control panel will be set and saved across reboots then …”
T1572 Protocol Tunneling
34%
“invokethreatguy/c2k - dns configuration access for your domain(s) - will need to set dns a records the infrastructure we are going to set up will do the following (mostly scripted): - deploy our droplets via digital ocean web ui - ssh into each and add new sudo user, add …”
Summary
Lee Kagan* // Deploying an offensive infrastructure for red teams and penetration tests can be repetitive and complicated. One of my roles on our team is to build-out and maintain […]