Here are some of my projects!
Responsible Red Teaming | The Taggart Institute
The Taggart Institute: Master Your Craft
Great hackers are good people. Many courses on red teaming will teach you the technical process of how to exploit targets. But seldom do courses cover what it means to carry out the role of a red teamer responsibly.
Responsible Red Teaming is a seminar on the ethical, legal, and tactical considerations of how to perform red team operations that are safe, responsible, and practical. It includes written lectures and practical labs centered on how we can emulate cybercriminals without introducing the risk of real cyber crime.
This course asks you to think deeply about what it means to you to be a considerate, ethical, responsible red teamer. It will then show you how to translate responsibility into practical application and refine your tradecraft in the areas of C2 infrastructure design, malware emulation, and payload engineering.
This is not a course that teaches you how to be a red teamer. It’s a course where you learn how to operate with honor.
Practical Malware Analysis & Triage (PMAT) | TCM Security Academy
Practical Malware Analysis & Triage teaches you the fundamentals of malware analysis for less than the cost of three bottles of water in Downtown Manhattan. Over 30,000 students worldwide!
Check out the preview videos below:
Whoami & Course Overview
Learn the state of the art of practical malware analysis and triage and stop the hackers in their tracks.
BlueJupyter: Automating Triage with Jupyter Notebooks
All samples located in PMAT-labs/labs/5-1.Automation-BlueJupyter/FORTRIAGE.7z
Note: For this section of the course, I am working on my Linux development workstation. This is outside of my lab environment. I confirmed that Blue-Jupyter functions as intended if you install it on REMnux, so feel free to carefully add REMnux back onto a NAT adapter and follow the install instructions for Blue-Jupyter.
📚PMAT YouTube Release
The first 5+ hours of PMAT is now available on YouTube. For free, for everyone, forever.
🖥️ TryHackMe Rooms
"Operator, look alive! Word just came down from command, the mission is GO 🟢 Get ready to step for the intel brief!"
Takedown is an Insane rated THM room. The Commanding Officer is very excited for this mission, Operator. Good luck!
TryHackMe | Takedown
We have reason to believe a corporate webserver has been compromised by RISOTTO GROUP. Cyber interdiction is authorized for this operation. Find their teamserver and take it down.
TryHackMe: Takedown Walkthrough
This is the official walkthrough for this room. I did not cover every single detail available but do cover enough to get from start to finish. Obviously, major spoilers are ahead from here on out.
📜 My GitHub
I’m always up to something over on my GitHub page.
HuskyHacks - Overview
📕 Teaching 🖥️ Hacking 📕 🖥️ Teaching Hacking
🐈‍⬛ My cat Cosmo
📒 Learning stuff
🌎 Publishing open source
🦇 The Dracula Theme
⚔️ USMC (Intel, IT Admin)
🧪 MIT Lincoln Laboratory (Lead Cybersecurity Analyst, Space Systems and Technology Research Division 🛰️)
🏧 [REDACTED] Big Bank 💰 | 🔴 Red Team Operator & Exploit Developer
🌐 SimSpace | Principal Content Architect & Instructor
🏫 Northeastern University | 🅝🅔🅤
🎓 Rochester Institute of Technology | 🆁🅸🆃
Affordable, accessible cybersecurity training content for everyone.
🎯 OffensiveNotion: Notion (yes, the notetaking app) as a C2
GitHub - mttaggart/OffensiveNotion: Notion as a platform for offensive operations
Yes. What started as a meme grew into a full project. Just roll with it. Here's our blog post about it: We Put A C2 In Your Notetaking App: OffensiveNotion 📡 A full-featured C2 platform built on the Notion notetaking app.
GitHub - HuskyHacks/PMAT-labs: Labs for Practical Malware Analysis & Triage
Welcome to the labs for Practical Malware Analysis & Triage. Read this carefully before proceeding. This repository contains live malware samples for use in the Practical Malware Analysis & Triage course (PMAT). These samples are either written to emulate common malware characteristics or are live, real world, "caught in the wild" samples.
🥷🏼ShadowSteal: Pure Nim POC for exploiting CVE-2021-36934
GitHub - HuskyHacks/ShadowSteal: Pure Nim implementation for exploiting CVE-2021-36934, the SeriousSAM local privilege escalation
Pure Nim implementation for exploiting CVE-2021-36934, the SeriousSAM Local Privilege Escalation (LPE). Not OPSEC safe.... yet ;). I do not claim credit for the discovery of this exploit. Getting started with ShadowSteal is now easier than ever thanks to Docker! Don't wanna mess with installing Nim dependencies? I got you, fam!
✨CVE-2022-33891: Apache Spark Shell Command Injection Exploit POC
GitHub - HuskyHacks/cve-2022-33891: Apache Spark Shell Command Injection Vulnerability
A Python POC for exploiting the Apache Spark Shell Command Injection vulnerability. I saw some other POCs out there but they looked mega sus. This one is clean and simple. I did not discover this exploit/vulnerability.
👑 The Crown: Exploratory Analysis of Nim Malware DEF CON 615 talk - 1/25/22
GitHub - HuskyHacks/the-crown-defcon615: Repo for The Crown: Exploratory Analysis of Nim Malware DEF CON 615 talk
Repo for "The Crown: Exploratory Analysis of Nim Malware" DEF CON 615 talk. This entire talk is a series of Jupyter Notebooks! Want to check it out but don't want to download and set everything up? Just click on and the Jupyter Notebook will render in your browser through the GitHub page.
CVE-2021-38699: Stored/Reflected XSS in TastyIgniter v3.0.7 Restaurant CMS