Building a Convincing USB Drop

One of my favorite attack vectors is the USB drop. At SecureState, our two go-to drops are the Rubber Ducky and […]

Bypassing Gmail’s Malicious Macro Signatures

Malicious macros in Excel spreadsheets are one of the most common methods of delivery in phishing attacks. If the premise […]

Leveraging MS16-032 with PowerShell Empire

It’s not very often in the life of a pentester that you find a point-and-click exploit that works right out […]

No RDP, No Problem!

The Setup I conducted some phishing for a pentest this past week. My ulterior motive was to have an opportunity […]

Empire: An Elegant Weapon for a More Civilized Age

  Empire, developed by @harmj0y, @sixdub, and @enigma0x3, debuted earlier this month at BSides Las Vegas.  In the words of […]