Justin Warner
Using Kaitai to Parse Cobalt Strike Beacon Configs
I have seen a definite uptick in security researchers hunting Cobalt Strike servers, and tweeting/sharing indicators or config data. There…
9 min read · Apr 6, 2021

Justin Warner
Do You Miss Being a Red Teamer?
It is a question that gets posed to me pretty frequently: “Do you miss being a red teamer?” If you came all the way to my blog to see the…
3 min read · Jul 23, 2018

Justin Warner
Infrastructure Diversity — Hunting In Shared Infrastructure
As an attacker, it is all too easy to settle down into a rhythm. That rhythm of operations, the specific techniques and automation involved…
5 min read · Apr 5, 2017

Justin Warner
Common Ground Part 3: Execution and the People Factor
This is part three of a blog series titled: Common Ground. In Part One, I discussed the background and evolution of red teaming. I dove…
7 min read · Jul 5, 2016

Justin Warner
Common Ground: Planning is Key
This is part two of a blog series titled: Common Ground. In , I discussed the backgrounds and evolution of red teaming, diving deep into…
12 min read · Jun 28, 2016

Justin Warner
Common Ground Part 1: Red Team History & Overview
Over the past ten years, red teaming has grown in popularity and has been adopted across different industries as a mature method of…
12 min read · Jun 24, 2016

Justin Warner
Creepy User-Centric Post-Exploitation
I love seeing red and blue teams square off during an engagement. It works best if both sides avoid selfish desires and focus on the task…
6 min read · May 16, 2016

Justin Warner
Empire & Tool Diversity: Integration is Key
Since the release of PowerShell Empire at BSidesLV 2015 by Will Schroeder (@harmj0y) and myself, the project has taken off. I could not be…
6 min read · Feb 11, 2016

Justin Warner
Remote Weaponization of WSUS MITM
Network attacks (WPAD Injection, HTTP/WSUS MITM, SMB Relay etc.) are a very useful attack vector for adversaries trying to laterally…
10 min read · Feb 5, 2016