StreamIO domain/cert monitoring
I've been using Certificate Transparency as a source to detect phishing campaigns by using simple regex and fuzzy term monitoring. Recently I started developing an…
3 min read
Reternal Relay discovery with mDNS/Bonjour (WIP)
Inspired by an article discussing P2P command and control relaying I made an attempt at implementing mDNS to discover pivot points on a (local) network…
2 min read
Certificate transparency mirror
In my previous article I wrote about using Faust to process certificate transparency data. To test accuracy and responsiveness I started storing all certificates in…
1 min read
Supercharged certificate monitoring with Faust
Faust (https://faust.readthedocs.io/en/1.0/index.html) is a Python library for stream data processing. It allows you to asynchronously process data…
3 min read
Simulating MITRE ATT&CK with RE:TERNAL
MITRE ATT&CK(https://attack.mitre.org) is a pre-defined framework that categorises existing adversary techniques. The MITRE organisation puts a lot of effort…
4 min read
Retaining beacon source IPs with HAProxy relays
During a red team exercise it's common to set up a relaying infrastructure to separate your external facing footprint from the actual command and control…
5 min read