Malicious Word Documents with Cobalt Strike

Now that Microsoft is blocking macros for internet and externally sourced documents, I feel its safer to talk about some of the EDR evading Word macro techniques I have used in the past. Particularly for delivering Cobalt Strike beacons. Cactus Torch is a great tool as a starting point. It takes some basic concepts such as a encoding the CS payload in memory, starting a process and injecting the payload into memory. [Read More]

OSCP: Try less harder

A while ago I earned my OSCP certification. Before that I had my GPEN and Pentest+. The Pentest+ I obtained during the beta program for the certification since the test was only $50 and I figured there was not much harm in trying. I took it practically blind (no preparation), and found out I passed in August. Shortly after I was given the opportunity to take the SpectreOps Red Team Training and after that scheduled to take OSCP training. [Read More]


Back when CompTIA had a temporary beta program for the Pentest+, I took advantage of it, and the cheap cost of the test just to give it a shot. I didn’t study for it and kind of went in blind since no study materials existed and most of what was out there for it was pure speculation. It took a while to learn the results but I’m happy to report that I passed. [Read More]

Dealing with and exploiting Struts

I’m sitting on a plane waiting for my delayed flight to Boston listening to Adam Savage rant about Apple’s lack of ease of use (of which I totally agree). I figured it was the perfect time to finish this blog. Oh yeah, why am I on a plane? I’m heading to Red Hat Summit 2017. I might write about that later. In like a year or so. Yes, I back dated this if you realize the RH Summit is in May, but I’ve been meaning to write this post for over a month. [Read More]


2016 has been another crazy year for me, and 2017 is just as crazy. I’ve been putting off updating my site for a while (a whole year). So here is a summary update of just some of the things I’ve been working on for 2016 and the first few months of 2017. Certifications: I am now a Puppet Certified Professional 2016, I guess if its not obvious, I’ve been working even more heavily with Puppet, going to training, writing modules, etc. [Read More]

CarolinaCon 12

I gave another talk for this year’s CarolinaCon 12 called “Never Go Full Spectrum Cyber”. For this talk I focused on mistakes “hackers” and even some InfoSec professionals have made and then a short summary at the end of OpSec lessons that could have prevented the mistakes covered earlier in the talk. The talk slides are here. [UPDATE: The talk video is here.] I referenced OpSec work and talks done by the grugq. [Read More]

DefCon 23 and BSides LV

I’m still recovering from Vegas even a week later. So I’m just going to link a bunch of things you should check out and mention a few cool things that happened or that I saw. PowerShell Empire - written in my two favorite scripting languages, may replace Meterpreter someday. Modern Honeypot Network - build your own cloud based network of honeypots that feed results back into a centralized server. HoneyDrive - an okay honeypot VM image (if you for some reason want to run your honeypot in VirtualBox or VMWare) I also put together a DarkNet badge, walked until my knee gave out, attended a lot of events. [Read More]

BSides Asheville 2015

Quick summary of a few cons I went to. I went to ISSA conference in Charlotte earlier with FALE, but more recently I went to BSides Asheville as a volunteer. I also participated in their CTF with some Cha-Ha members, and we came very close to winning, but placed second. Some friends and I camped out isntead of staying in a hotel, listened to bluegrass in a mountain bar and saw some talks, etc. [Read More]

Talk at CarolinaCon

I will be attending CarolinaCon again this year with FALE since we are run the LockPick Village. The big difference this year will be I am giving a talk as well. This will be my first talk at a conference of any kind. Unless something changes I’m scheduled Friday night(Mar 20th) at 10pm. Giving a talk at all was almost unexpected and only came about because they had extended the call for papers by a few days when not enough talks were received. [Read More]

Website input command injection

Someone recently asked for a free pentest in a private security related group for a site they had been working on for a while before it went live. Some of us guys at FALE obliged. Since it was a free pentest, I am taking the liberty to post about it. It was actually my first shell and first box I’ve popped that wasn’t mine. So it was a learning opportunity for me with some subtle direction by those more experienced. [Read More]