Red Team @NCCGroupInfoSec FSAS // Cyber Team Hunter on @Channel4 #Hunted

Joined May 2011
Adding some new features to our internal inline-execute-assembly BOF :D Safety first!
Releasing PyBeacon. A collection of scripts for dealing with Cobalt Strike beacons in Python. Covers:
- staging
- asymmetric encryption and metadata parsing
- symmetric encryption (tasks) and decoding
- beacon registration
- beacon callbacks

github.com/nccgroup/pybeacon
This is mostly a set of utility scripts that helped me when researching for our "Striking back at Retired Cobalt Strike" blog (see below). Given that more people have been digging into CS internals recently, I thought it might come in handy. research.nccgroup.com/2020/0…
"..something something.. Educational Purposes Only". Don't blame me if you get Rick rolled by the Blue Team 😆
3 months of honeypot data related to F5 (& a small amount of Citrix) exploitation released today. Includes:
✅ PCAP of all web traffic
✅ IDS Rules for mitigation F5 bypass
✅ Interesting findings and stats
✅ A pretty cool webshell

Dive into the data and see what you can find!
Blog: We have released three months of honeypot web traffic data related to the F5 CVE-2020-5902 and Citrix CVE-2020-8193, CVE-2020-8195 and CVE-2020-8196 exploitation events from earlier this year - insights and intel on Iran and others - research.nccgroup.com/2020/1…
Technical Advisory - Pulse Connect Secure – RCE via Template Injection (CVE-2020-8243) by @buffaloverflow and @johnnyspandex research.nccgroup.com/2020/1…