| Follow @lancinimarco

This post is Part 2 of the “Offensive Infrastructure with Modern Technologies” series, and is going to focus on an automated deployment of the HashiCorp stack (i.e., the HashiStack).

Part 1 explained how to configure Consul in both single and multi node deployments using docker-compose, while here I’m going to provide a step-by-step walkthrough that will allow you to automatically deploy the full stack with Ansible.

On the 3rd of December 2018, a critical security vulnerability affecting Kubernetes API server has been announced. Without any surprise, this announcement got a lot of traction (especially on Twitter).

In this post I’ll try to dissect the information currently available.

In the past few weeks I’ve been reading “The Hacker Playbook 3: Red Team Edition” from Peter Kim. As the title clearly states, this version focuses on processes and techniques that can be used during a red teaming engagement. Although I’m not going to provide a review of the book here, I highly recommend it to anyone interested in the field.

While going through the book I found myself building a mindmap to link topics (which not always are presented sequentially) together, so to create a high-level methodology as suggested by Peter. In this post I want to share this mind map: I do realise this is not a complete list of all techniques/tools that can be leveraged in a campaign, but it covers what’s in “The Hacker Playbook 3”. I hope you’ll find it useful!