Red Teamer | Hobbyist Software Developer | Operator @SpecterOps Developer: Covenant, SharpSploit, PSAmsi

Dallas, TX
Joined December 2010
I’m very excited to share a new project that I’ve been working on for a long time: Covenant, a collaborative .NET command and control framework! [blog/tool] Entering a Covenant: .NET Command and Control - posts.specterops.io/entering…
26
316
627
Ryan Cobb retweeted
Built some automation to help with dumping cookies using Chromium's remote debugger. This technique works against Chromium browsers (Google Chrome, Microsoft Edge, etc.) on any OS! I dig into how the technique works and present my implementation posts.specterops.io/hands-in…
6
78
186
Show this thread
Ryan Cobb retweeted
New blog post discussing approaches to evasion that use less anecdotal evidence (technique X worked against Y) to one which uses observed agent capabilities to determine OPSEC-safe techniques. posts.specterops.io/adventur… 1/5
5
215
423
Show this thread
Interested in what the new .NET 5 means for red teamers and malware developers? Join us tomorrow (Friday, Nov 20th) for a free, virtual presentation at SO-CON: .NET Core for Malware Sign up here: eventbrite.com/e/so-con-2020…
0
1
29
Join us tomorrow (Friday, Nov 20th) at 10 AM PST / 1 PM EST for a free, virtual workshop “Operating with Covenant” at SO-CON! @slyd0g and myself will demonstrate how Covenant can help your team conduct red team operations. (Bring your own VMs) 🙂
SO-CON Workshop Announcement - Operating with Covenant by @cobbr_io Attendees will learn basic and advanced usage, how to customize their tradecraft, and how Covenant can help them conduct red team operations. Sign up here: so-con-2020.eventbrite.com
1
12
48
Ryan Cobb retweeted
SO-CON 2020 Keynote Announcement: How Do Ghosts Grow Up? In this session, our CEO @davidpmcguire will talk about our collective journey and how we hope to leave a positive impact on our community. Register for SO-CON 2020: so-con-2020.eventbrite.com/
0
10
22
A great example of how an operator might do their own work on evasion to make public tooling, like Covenant, more useful operationally.
0
12
65
Ryan Cobb retweeted
SO-CON Talk Announcement - Hey, I'm Still in Here: An Overview of macOS Persistence Techniques @_D00mfist will talk through several lesser known macOS persistence methods, automation opportunities, and indicators generated by each method. Sign up here: so-con-2020.eventbrite.com
0
19
59
Lessons learned: * Never git add -A * Git hooks can save you a lot of trouble
1
0
14
Show this thread