Posts

Doing Something That F5 Should Have Done Long Ago

If you are a PT or Offensive chap, you will pay attention to web application parameters for cheap thrills. Generally the Red Team helps the Blue Team; we are not auditors. It is not surprising to find hundreds of parameters for a web application. Now if you are a Blue Team victim, you might want a job switch when you see this below. The next logical step is as follows... Question: "Mr F5, is this view exportable?" Answer: "Not until England wins the Euro or World Cup." In offensive security, we do not take "No" for a lame answer. Parameters exported. Nice, now to analyse it for potholes and entry points.

Learning C/C++ and Assembly may be the best thing for Offensive Security

I read with interest how various Western Red Teams go to all lengths to get a single Mitre test working nicely, dumping lsass.exe. In addition, the Blue Teams have a lot of help in this area with EDRs, aka expensive Endpoint Detection and Response software, firing all alerts when you even try to get near the lsass.exe process. Most of the red team companies do write great blogs documenting the efforts they put into their process dumpers. Obviously they will not share their secret sauce in a free blog. The logic is simple: why let their months of hard work go down the drain when some nice chaps will upload their work to VirusTotal or turn it into machine-learning-generated signatures when the commercial EDR companies trawl VirusTotal for intelligence. If you read their blogs carefully, how do they fool the EDRs using merely C/C++? Yes, they mention syscalls, but they do not reveal all their secrets easily. Ok, luckily my C/C++ and x86 Assembly are largely intact despi...

Now go grab bashdb for debugging bash on Visual Studio Code

Strangely, by default the bash debugger, bashdb, is not part of the build, so apt installs are out. Therefore we need to spend some time to get bashdb up and working. We will need 3 components, or the bashdb deb package will complain bitterly that libreadline6 and multiarch-support are missing and refuse to budge. To solve this problem, we need to install bashdb from the deb packages manually. Go to the following websites to download the deb install packages for the following:
https://packages.debian.org/jessie/amd64/libreadline6/download
https://packages.debian.org/jessie/amd64/multiarch-support/download
https://ubuntu.pkgs.org/16.04/ubuntu-universe-amd64/bashdb_4.3.0.91+ds-4_amd64.deb.html
To install, su to root and type dpkg -i <deb-package-name> to install the 2 required libraries before installing bashdb. Next, fire up the Visual Studio Code that is pre-installed on Parrot OS; for some strange reason, Visual Studio Code is given a strange nam...

Next important item - DPI

This is rather important: take good care of your eyes and change the font's DPI if you are working on a larger monitor. Click System -> Preferences -> Look and Feel -> Appearance. At the dialog box, click Font and then click the Detail button. 150 DPI is the best setting for FHD monitors, e.g. 1920x1080. Very important: take good care of your eyes, as you are going to be spending hours on the monitor soon!

Getting Started - Get your VMs ready

Offensive Security is a great way to improve your corporate cybersecurity posture. I like the idea as it is similar to an old chess principle, "attack is the best defense". Unlike a table-top exercise or audit, you can test your exploits or offensive cyber security ideas to probe security gaps in your corporate network. Hosting labs on virtual machines is a great idea, without risking your regular workstation; accidents can sometimes happen when your kernel exploits go haywire, or you would rather NOT run vulnerable goat virtual machines on your home WiFi network. Oracle VirtualBox is a good way to start, as I cannot imagine paying for a VMware Workstation suite. Invest some time and visit the site below. You will get good instructions to download and install the virtual machine software. https://www.virtualbox.org/wiki/Downloads At the URL https://www.virtualbox.org/wiki/Downloads look for a section that says "VirtualBox Extension Pack" and click "All Supported pl...