BlackArrow's Blog

Red team & Threat hunting Blog

Leveraging Microsoft Teams to persist and cover up Cobalt Strike traffic

During a recent operation, the Red Team got local admin privileges on a workstation where an EDR solution was identified. In this scenario, the next step to proceed with the engage[...]

From N-day exploit to Kerberos EoP in Linux environments

In one of its operations, the Red Team achieved command execution on a perimeter web page as a non-privileged user. This article describes the analysis and exploitation of a vulnerab[...]

Analyzing an RFID scanner: bad habits never die

Ragnarok Stopper: development of a vaccine

Kerberos (III): How does delegation work?

Introduction: There are several kinds of delegation implemented by using the Kerberos protocol. Basically, delegation allows a service to impersonate the client user to interact wit[...]

Kerberos (II): How to attack Kerberos?
