So it began, the journey to #CRTO
Phishing bit worked. Need to rework the persistence. First crack didn't work as expected. #CRTO #GetSmart #PracticeMakesPerfect
Gone Phishing #beautifulDay #CRTO #GetSmart
We are thrilled to announce that #AdversaryWars #AdversaryVillageCTF at @defcon 31 has secured a Gold sponsorship from Zero-Point Security and RastaMouse, the creator of the awesome #CRTO #RedTeamOps #AdversarySimulation course.
We extend our heartfelt gratitude to #ZeroPointSecurity and Rasta for their unwavering support to the #AdversaryVillage community.
For more information, please visit our webpage: https://adversaryvillage.org/adversary-events/DEFCON-31/
Learn more about Zero-Point Security training: https://training.zeropointsecurity.co.uk
#PurpleTeam #BreachSimulation #BAS #AdversaryTactics #DEFCON31 #AdversaryEmulation #AdversaryMindset #AdversaryTradecraft #CTF #AdversaryWarsCTF #DEFCON
#hack100days Day 10. Back to #CRTO and the lab. More initial compromise and some host enumeration. #RedTeam #CobaltStrike
#hack100days Day 8. More time on #CRTO, finally got into the lab and worked on the Initial Compromise section. Got acquainted with Mailsniper (https://github.com/dafthack/MailSniper). (Reckon its utility is shrinking as OWA and Exchange install bases shrink.)
Cleared my #CRTO Red Team Operator exam this week from Zero Point Security. Great course and exam experience!
#hack100days Day 7. Spent more time on extending #CobaltStrike section of #CRTO. Grokking Aggressor Scripts are CS client extensions. Looked harder at Beacon Object Files, not sure if that's going to be important for the test, though. Found https://github.com/CCob/BOF.NET as a way to pull in some .Net, but it's not yet obvious to me how that works. Regardless. Must. Hit. The. Lab.
#hack100days : day 79 : More CRTO. Read a bit about C2 profiles for v4 of CS: https://infosecwriteups.com/red-team-cobalt-strike-4-0-malleable-c2-profile-guideline-eb3eeb219a7c No time in the lab, which is lame. #GetSmart #CRTO #PrimumNonNocere
#hack100days : day 78 : Worked on CRTO. Spent some time in the lab. Got some results I expected. Got some I didn't. Fleshed out notes. #GetSmart #CRTO #PrimumNonNocere
#hack100days: day 74 : (D'oh. Yesterday was actually day 73.) Restarted the CRTO modules. Signed up for the lab. Working through the material and building out notes for the exam. #RedTeam #CRTO #GetSmart
#hack100days: day 72 : (yesterday I watched soccer.) Finished up the CRTO modules. Time to sign up for the lab and go through it again. #RedTeam #CRTO #PrimumNonNocere
#hack100days : day 72 : CRTO today. Eighty percent through first pass. Goal is to get through it over the weekend and start hitting the lab next week. #RedTeam #CRTO #PrimumNonNocere
#hack100days : day 55 : Completed three more #CRTO sections, maybe about a 1/3 of the way through--so far, mostly review. Added another item to the #ThreatHuntThursday list. #redteam #GetSmart
#hack100days : day 54 : Completed credential theft section for #CRTO, got some good ideas for #ThreatHuntThursday for log events and access patterns I hadn't thought of before. #redteam #GetSmart