Digital tools

Most of you know many digital tools for recon, exploitation, etc. We've mentioned some here in the past few years as well. Of course, for distributed Red Teaming, one of my favorites is still Cobalt Strike and its underlying Metasploit.

There is a relatively new one (well, it's been out there for a while) that we have been testing lately, and while it is still a work in progress, it shows a lot of promise: the BeEF Project.

BeEF, or Browser Exploitation Framework, focuses on attacking and exploiting the web browsers: "BeEF will hook one or more web browsers and use them as beachheads for launching directed command modules and further attacks against the system from within the browser context.".

You can read more about it and its architecture here, but it has been really useful to have it. It can be combined with Metasploit for a great set of web browser attack modules.

We'll continue to play with it.