{
	"id": "bb313fb6-4272-41e6-91bf-bf36bcc56492",
	"created_at": "2026-04-06T00:08:59.215685Z",
	"updated_at": "2026-04-10T13:11:51.80113Z",
	"deleted_at": null,
	"sha1_hash": "7f99c6eca34ed55693c16ba2c7dd930314b25071",
	"title": "Justin Warner – Medium",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 191053,
	"plain_text": "Justin Warner\r\nUsing Kaitai to Parse Cobalt Strike Beacon Configs\r\nI have seen a definite uptick in security researchers hunting Cobalt Strike\r\nservers, and tweeting/sharing indicators or config data. There…\r\nApr 6, 2021\r\nDo You Miss Being a Red Teamer?\r\nIt is a question that gets posed to me pretty frequently: “Do you miss being a red teamer?” If you\r\ncame all the way to my blog to see the…\r\nJul 23, 2018\r\nInfrastructure Diversity—Hunting In Shared Infrastructure\r\nAs an attacker, it is all too easy to settle down into a rhythm. That rhythm of operations, the\r\nspecific techniques and automation involved…\r\nApr 5, 2017\r\nhttp://www.sixdub.net/?p=367\r\nCommon Ground Part 3: Execution and the People Factor\r\nThis is part three of a blog series titled: Common Ground. In Part One , I discussed the\r\nbackground and evolution of red teaming. I dove…\r\nJul 5, 2016\r\nCommon Ground: Planning is Key\r\nThis is part two of a blog series titled: Common Ground. In , I discussed the\r\nbackgrounds and evolution of red teaming, diving deep into…\r\nJun 28, 2016\r\nCommon Ground Part 1: Red Team History \u0026 Overview\r\nOver the past ten years, red teaming has grown in popularity and has been adopted across\r\ndifferent industries as a mature method of…\r\nJun 24, 2016\r\nCreepy User-Centric Post-Exploitation\r\nI love seeing red and blue teams square off during an engagement. It works best\r\nif both sides avoid selfish desires and focus on the task…\r\nMay 16, 2016\r\nEmpire \u0026 Tool Diversity: Integration is Key\r\nSince the release of PowerShell Empire at BSidesLV 2015 by Will Schroeder\r\n(@harmj0y) and myself, the project has taken off. I could not be…\r\nFeb 11, 2016\r\nRemote Weaponization of WSUS MITM\r\nNetwork attacks (WPAD Injection, HTTP/WSUS MITM, SMB Relay etc.) are a very\r\nuseful attack vector for adversaries trying to laterally…\r\nFeb 5, 2016\r\nDerivative Local Admin\r\nIntro\r\nJun 5, 2015",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"origins": [
		"web"
	],
	"references": [
		"http://www.sixdub.net/?p=367"
	],
	"report_names": [
		"?p=367"
	],
	"threat_actors": [
		{
			"id": "610a7295-3139-4f34-8cec-b3da40add480",
			"created_at": "2023-01-06T13:46:38.608142Z",
			"updated_at": "2026-04-10T02:00:03.03764Z",
			"deleted_at": null,
			"main_name": "Cobalt",
			"aliases": [
				"Cobalt Group",
				"Cobalt Gang",
				"GOLD KINGSWOOD",
				"COBALT SPIDER",
				"G0080",
				"Mule Libra"
			],
			"source_name": "MISPGALAXY:Cobalt",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775434139,
	"ts_updated_at": 1775826711,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/7f99c6eca34ed55693c16ba2c7dd930314b25071.pdf",
		"text": "https://archive.orkl.eu/7f99c6eca34ed55693c16ba2c7dd930314b25071.txt",
		"img": "https://archive.orkl.eu/7f99c6eca34ed55693c16ba2c7dd930314b25071.jpg"
	}
}