A list of all the posts and pages found on the site. For you robots out there, an XML version is available for digesting as well.
I recently started describing how to track red team operations in my Apfell project. It’s pretty rudimentary, and there’s a lot that still needs to be done, but it’s a start. I covered the idea of tracking individual payloads, but there are still a few things missing. One of which is the idea of a command and control (C2) profile.
In my previous post, I started describing what I want to see in offensive frameworks in terms of tracking. I spent the past week updating Apfell to start including this kind of logic to support a broad range of features that will come soon.
There are currently a lot of amazing frameworks out there (open source or for purchase), so people are probably wondering why I started the long process of creating my own framework. I wanted to take a few minutes to walk through some of the current frameworks and discuss what I like, what I wish was different, and finally some of the bigger goals of my framework.
It’s been a long time since my last post, but it’s finally time for the bare-bones Apfell server code release. There will also be a drop of a bare-bones Apfell implant to go with it and an accompanying blog series coming soon talking about design decisions, future ideals, and updates.
Ok, now that we’re starting to get a bunch of stuff added to our ecosystem, we want to make sure that it’s not just open to anybody. Additionally, we’ll want people to actually log in so that we can track which operators run which commands, spawn which processes, and create which payloads. I’ve seen a lot of times where we’ll get seemingly random new callbacks and have to check with everybody to track down that somebody spawned a new, redundant access. Eventually this will even be an interesting way to lock down the capabilities of certain operators so that they have to get approval from more senior members of a team before being able to do potentially OPSEC-unsafe techniques. How will we do this? Initially, we’ll create a registration page and login page that submit a web form. Then, we’ll go through and mark that certain pages need authentication to be accessed.
At the end of the last post we were starting to make some progress. We had a very basic RESTful interface that can communicate with a postgres database and a basic templating engine to create a graphical user interface. To do this, we leveraged Jinja2 and Twitter Bootstrap for making our user interface. If we go back to our original diagram, we’re only missing a few more pieces.
At the end of the last post we ended up with a very basic RESTful interface that can communicate with a postgres database. To do this we leveraged peewee (for our ORM) and peewee-async (for our connections). If you go back to our initial diagram of what all will be included in this, we started with the web server in the middle. We used Python 3.5+ and Sanic in general to get a RESTful interface. Then, we used postgresql, peewee, peewee-async, asyncio, and uvloop to create an asynchronous loop for doing database interactions and hooking those up to our prior RESTful API.
At the end of the last post we ended up with a very basic RESTful interface to work with some ‘operators’ and ‘callbacks’ by leveraging Python 3’s asyncio (async/await) and the Sanic project. From the first post, we said there are three main parts for this section of our project:
- Web Server (Sanic)
- User Interface
Due to the nature of the work, many Red Teamers have a much stronger focus on Windows Enterprise networks. Because of this, Red Teamers have a myriad of tools and experience querying Active Directory from a Windows box. Many Red Teamers start off with the common net localgroup commands, and now everybody is familiar with Will Schroeder’s PowerView project. Some red teamers still want to use something like dsquery to do some custom LDAP queries like dsquery * -filter "(&(objectclass=group)(name=*admin*))" -limit 1 (this is also possible with PowerView). You can even run something like the BloodHound Project to quickly get an insane amount of Active Directory information if you have the ability to run PowerShell or C# code. What if you’re on a Mac though?
Common domain enumeration commands for Windows, Mac, and LDAP: Gist Page
JS/Python/HTML, GitHub, 2018
A Python-based web server framework for collaborative red teaming against macOS endpoints for post-exploit assessments.