Tom Bolen: Enhancing the Caldera Scheduling Component (3 min read · May 18, 2021). If you saw my last blog, you’ll know that I am in the process of developing an automated TTP testing environment at Code42. Caldera, the…
Tom Bolen: Automating Adversary TTP Testing (2 min read · Mar 31, 2021). As a Red Team Engineer, part of my responsibilities includes emulating adversary activity in Code42’s environment. The MITRE ATT&CK…
Tom Bolen: Stealing Session Tokens and Credentials with Modlishka (6 min read · Nov 23, 2020). As a member of a small Red Team, many of the engagements I participate in operate under the “assumed breach” model. This model operates…
Tom Bolen: Obfuscating Remote SSH Command & Control (2 min read · Aug 13, 2020). In my last blog post, I detailed how we can use shell aliases to trick users into giving us access to their authenticated SSH channel(s)…
Tom Bolen: Lateral Movement via SSH Alias Abuse (3 min read · Jul 23, 2020). If you’re attempting to gain unwanted access to a server and the only port open is running SSH, you’re probably not too thrilled. A…
Tom Bolen: Userland Persistence on MacOS (3 min read · Mar 30, 2020). As a Red Teamer, there is nothing more frustrating than discovering that your initial attack vector to a system no longer works. All of…
Tom Bolen: Kicking Off Post Exploitation On Unix-like Systems (5 min read · Jan 27, 2020). When people think of a typical hacker, they often picture a suspicious-looking fellow sporting a hooded black sweatshirt hunched over a…
Tom Bolen: Agent Health on Enterprise Endpoints (3 min read · Jan 9, 2020). An important function of IT and security teams is the management and securement of enterprise endpoints. This is a somewhat trivial task…