Assemble Your Crew

Over the years, we constantly tell newcomers to the field of Information Technology (IT) Security to “GET INVOLVED” in the Security community, but do we truly tell them how or where to begin. If you are new to a field the last thing you want to be is a poser. In the past, CyberGuider has publish related articles that speaks to the newcomer in what to do to help them get involved in the community by doing CTFs, joining local or online groups, attending Security conferences or training’s, listening to recommended security podcast, etc. This week, if not any, has affirmed my belief that getting involved in the security community early on is crucial to help build successful relationships and foster information sharing. You will soon see that the community is small but tight knit which makes a world of difference for your development and growth.

Due to the recent quarantine orders, many organizations are offering free security training to boost your skill set while staying in place. One such company is Black Hills Information Security who offered a FREE Active Defense & Cyber Deception 4-hour webinar with John Strand.

On the day of the class the energy was super amplified due to the isolation situation (I’m sure we were all ready to talk to someone other than ourselves, our kids or cats). The attendees of like-minded people grew into the thousands helping and communicating with each other. This is when I thought to myself, “This would be an awesome experience for a newcomer”. What was impressive about the group, separate from the amazing training materials, was the wealth of knowledge shared that was not apart of he training material from various level of professionals. I learned about a couple of obfuscation and others technical tools that was not on my radar that would have made past task easier. It is for this reason why CyberGuider believes sharing the knowledge gained and your willingness to help each other is why you are reading this article now.

The list of tools below and their functionality are impressive and useful assets to have in your toolkit. I learned a long time ago not to re-invent the wheel but improve upon its design.

Here are the list of tools:

PyFuscation
https://github.com/CBHue/PyFuscation
https://www.cyberguider.com/bypassing-windows-defender-the-tedious-way/
Description: Obfuscate PowerShell scripts by replacing Function names, Variables and Parameters.

Invoke-Obfuscation
https://github.com/danielbohannon/Invoke-Obfuscation
Description: PowerShell Obfuscator.

EvilClippy
https://github.com/outflanknl/EvilClippy
Description: A cross-platform assistant for creating malicious MS Office documents. Can hide VBA macros, stomp VBA code (via P-Code) and confuse macro analysis tools. Runs on Linux, OSX and Windows.

Bashfuscator
https://github.com/Bashfuscator/Bashfuscator
Description: A fully configurable and extendable Bash obfuscation framework. This tool is intended to help both red team and blue team.

Slingshot C2 Matrix
https://howto.thec2matrix.com/slingshot-c2-matrix-edition
Description: The Slingshot CS Matrix Edition was made in collaboration with SANS, Ryan O’Grady, and C2 Matrix contributors. The goal is to lower the learning curve of installing each C2 framework and getting you straight to testing which C2s work against your organization. Slingshot C2 Matrix Edition is ideal for red team, blue team, and purple team functions.

Pyarmor
https://pypi.org/project/pyarmor/
Description: PyArmor is a command line tool used to obfuscate python scripts, bind obfuscated scripts to fixed machine or expire obfuscated scripts.

Canarytokens
https://canarytokens.org/generate
Description: Canarytokens helps track activity and actions on your network.

TrevorC2
https://github.com/trustedsec/trevorc2
Description: TrevorC2 is a client/server model for masking command and control through a normally browsable website. Detection becomes much harder as time intervals are different and does not use POST requests for data exfil.

GTFOBINS
https://gtfobins.github.io/
Description: GTFOBins is a curated list of UNIX binaries that can be exploited by an attacker to bypass local security restrictions.

These are just a few. Some of these tools I knew about and some I had no idea, but I am willing to try them. Hopefully in the process both you and I will learn, build upon current skills and teach someone else how to use these tools. This is how you add value to the community whether newcomer or long timer. As a part of the community, CyberGuider prides itself on sharing information gained to ultimately help the next person and pay it forward to individuals starting down the IT security path.  

Lastly, without attending training like what Black Hills offers or other vendors, your exposure to new information and people will be limited. In addition, your growth in this field could be stagnant if you don’t forge key relationships in the community. Half of the battle is showing up and being willing to learn so…. ASSEMBLE YOUR CREW!

Spread the word. Share this post!

Written by CyberGuider

Become One

https://twitter.com/cyberguider