<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
  <channel>
    <title>Lum8rjack</title>
    <link>https://blog.lum8rjack.com/</link>
    <description>Recent content on Lum8rjack</description>
    <generator>Hugo -- gohugo.io</generator>
    <language>en-us</language>
    <lastBuildDate>Tue, 09 Jun 2026 22:07:01 -0500</lastBuildDate><atom:link href="https://blog.lum8rjack.com/index.xml" rel="self" type="application/rss+xml" />
    <item>
      <title>Mythic Wrappers and Building Your Own</title>
      <link>https://blog.lum8rjack.com/posts/mythic-wrappers/</link>
      <pubDate>Tue, 09 Jun 2026 22:07:01 -0500</pubDate>
      
      <guid>https://blog.lum8rjack.com/posts/mythic-wrappers/</guid>
      
      <description>&lt;p&gt;After building a payload in Mythic, there&amp;rsquo;s often still work to do before it&amp;rsquo;s ready for delivery—packaging it into an archive, wrapping it in a specific format, or applying a technique your team uses on every engagement. That usually means downloading the artifact and running additional tools locally, which slows things down and makes it harder to keep everyone on the same workflow.&lt;/p&gt;
&lt;p&gt;Mythic wrappers solve this by handling those post-build steps inside the platform. A wrapper takes an already-compiled agent and repackages it into a new format without adding its own C2 or commands. Community wrappers like &lt;code&gt;service_wrapper&lt;/code&gt; and &lt;code&gt;scarecrow_wrapper&lt;/code&gt; cover common delivery formats, but you can also build your own for the steps specific to your team.&lt;/p&gt;</description>
      
    </item>
    
    <item>
      <title>Building an NFL Over/Under Prediction Model with Machine Learning</title>
      <link>https://blog.lum8rjack.com/posts/nfl-ml-model/</link>
      <pubDate>Thu, 04 Sep 2025 18:25:59 -0500</pubDate>
      
      <guid>https://blog.lum8rjack.com/posts/nfl-ml-model/</guid>
      
      <description>&lt;p&gt;The NFL betting market is massive, with billions of dollars wagered annually on everything from game outcomes to point spreads. While professional sportsbooks employ teams of analysts and sophisticated models, the challenge of accurately predicting NFL spreads remains notoriously difficult.&lt;/p&gt;
&lt;p&gt;In this project, I set out to build my own machine learning model for predicting NFL point spreads, following along with a &lt;a href=&#34;https://www.youtube.com/watch?v=03D-1HXcoIM&amp;amp;list=WL&amp;amp;index=18&#34;&gt;Kerry Sports Analyst YouTube tutorial&lt;/a&gt; as my starting point. What began as a simple replication exercise quickly evolved into a comprehensive data science project that involved web scraping, model generation, and API development.&lt;/p&gt;</description>
      
    </item>
    
    <item>
      <title>RSS Automation for Cybersecurity</title>
      <link>https://blog.lum8rjack.com/posts/rss-automation-for-cybersecurity/</link>
      <pubDate>Mon, 23 Dec 2024 07:20:28 -0600</pubDate>
      
      <guid>https://blog.lum8rjack.com/posts/rss-automation-for-cybersecurity/</guid>
      
      <description>&lt;p&gt;Staying ahead in the fast-paced world of cybersecurity is not always easy. With new vulnerabilities, threats, and tools emerging almost daily, keeping up with the latest information can feel overwhelming. In this blog post, I’ll share how I navigate the flood of cybersecurity news and updates, leveraging a mix of platforms and automation to ensure I’m always in the loop.&lt;/p&gt;
&lt;h2 id=&#34;my-main-sources-for-cybersecurity-news&#34;&gt;My Main Sources for Cybersecurity News&lt;/h2&gt;
&lt;p&gt;For me, staying current begins with actively following the right sources. Platforms like X and Reddit are invaluable for real-time updates and discussions, while YouTube channels provide in-depth analyses and tutorials. The cornerstone of my approach lies in automating the process of staying updated on the latest blog posts and articles from trusted sources using RSS feeds. This automation ensures that I don’t miss critical updates while saving me time to focus on what matters most.&lt;/p&gt;</description>
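<![CDATA[
An added example, not code from the original post: a minimal feed poller built on the Python standard library that parses an RSS feed, skips items it has already reported (keyed on the item GUID, falling back to the link), and keeps only the items whose title or summary mentions chosen keywords. The feed text below is constructed for the example; a real poller would fetch it over HTTPS and persist the `seen` set between runs.

```python
"""Poll an RSS feed, drop items already seen, keep the ones that mention chosen keywords."""
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Constructed sample feed (example.invalid is not a real site); a poller would fetch this over HTTPS.
SAMPLE_FEED = """<rss version="2.0"><channel><title>Example feed</title>
<item><title>New Okta phishing kit spotted in the wild</title>
<link>https://example.invalid/okta-kit</link><guid>https://example.invalid/okta-kit</guid>
<pubDate>Mon, 23 Dec 2024 07:20:28 -0600</pubDate></item>
<item><title>Using Caddy as a C2 redirector</title>
<link>https://example.invalid/caddy-c2</link>
<pubDate>Sun, 18 Feb 2024 00:00:00 +0000</pubDate></item>
<item><title>Weekend cooking recipes</title>
<link>https://example.invalid/recipes</link><guid>recipes-1</guid></item>
</channel></rss>"""

# Items without a pubDate sort last.
_EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)


def parse_items(feed_text):
    """Return the feed's items as dicts; uses the link as the id when guid is absent."""
    root = ET.fromstring(feed_text)
    items = []
    for node in root.iter("item"):
        guid = node.findtext("guid") or node.findtext("link") or ""
        published = node.findtext("pubDate")
        when = parsedate_to_datetime(published) if published else _EPOCH
        items.append({
            "guid": guid,
            "title": node.findtext("title", default=""),
            "link": node.findtext("link", default=""),
            "summary": node.findtext("description", default=""),
            "published": when,
        })
    return items


def new_matches(items, seen, keywords):
    """Return unseen items whose title or summary mentions any keyword, newest first.

    `seen` is the caller's persistent set of GUIDs and is updated in place, so an
    item is reported at most once even if the feed keeps serving it.
    """
    wanted = [k.lower() for k in keywords]
    hits = []
    for item in items:
        if item["guid"] in seen:
            continue
        seen.add(item["guid"])
        text = (item["title"] + " " + item["summary"]).lower()
        if any(k in text for k in wanted):
            hits.append(item)
    hits.sort(key=lambda i: i["published"], reverse=True)
    return hits


if __name__ == "__main__":
    seen_ids = set()
    for hit in new_matches(parse_items(SAMPLE_FEED), seen_ids, ["okta", "c2"]):
        print(hit["published"].date(), hit["title"], hit["link"])
```

Two practical notes: feeds are untrusted input, so when polling sites you do not control, parse with `defusedxml` rather than the stock parser to rule out entity-expansion tricks; and write the `seen` set to disk (a small JSON file is enough) so restarts do not re-announce old posts.
]]>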
      
    </item>
    
    <item>
      <title>Reflections on a Year of FedRAMP Red Team Exercises</title>
      <link>https://blog.lum8rjack.com/posts/reflections-on-a-year-of-fedramp-red-team-exercises/</link>
      <pubDate>Fri, 13 Dec 2024 07:00:10 -0600</pubDate>
      
      <guid>https://blog.lum8rjack.com/posts/reflections-on-a-year-of-fedramp-red-team-exercises/</guid>
      
      <description>&lt;h2 id=&#34;reflections-on-a-year-of-fedramp-red-team-exercises&#34;&gt;Reflections on a Year of FedRAMP Red Team Exercises&lt;/h2&gt;
&lt;p&gt;Blog post here: &lt;a href=&#34;https://www.schellman.com/blog/penetration-testing/reflections-on-a-year-of-fedramp-red-team-exercises&#34;&gt;https://www.schellman.com/blog/penetration-testing/reflections-on-a-year-of-fedramp-red-team-exercises&lt;/a&gt;&lt;/p&gt;</description>
      
    </item>
    
    <item>
      <title>Kasm for Red Teams</title>
      <link>https://blog.lum8rjack.com/posts/kasm-for-red-teams/</link>
      <pubDate>Sun, 07 Apr 2024 12:00:28 -0500</pubDate>
      
      <guid>https://blog.lum8rjack.com/posts/kasm-for-red-teams/</guid>
      
      <description>&lt;p&gt;Have you ever successfully phished a target during a red team engagement and received access to one of their online accounts? There are times you need to keep your browser session active after bypassing MFA so you aren&amp;rsquo;t logged out. You might have to leave your computer on for multiple days or if you are using a VPN, hope that it doesn&amp;rsquo;t disconnect. If multiple team members are on the project, it also makes it difficult to distribute the work if everyone is working remote and on their own machines.&lt;/p&gt;</description>
      
    </item>
    
    <item>
      <title>C2 Redirectors Made Easy</title>
      <link>https://blog.lum8rjack.com/posts/caddy-c2/</link>
      <pubDate>Sun, 18 Feb 2024 00:00:00 +0000</pubDate>
      
      <guid>https://blog.lum8rjack.com/posts/caddy-c2/</guid>
      
      <description>&lt;p&gt;In penetration testing and red teaming campaigns, Command-and-Control (C2) servers are used to simulate the control infrastructure that an attacker might use. These servers facilitate communication between the simulated malicious actors and the compromised systems. Using a proxy server, also known as a redirector, in front of a C2 server serves several important purposes:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;Obscure the actual location of the C2 server.&lt;/li&gt;
&lt;li&gt;Allow only legitimate C2 traffic to reach the C2 server.&lt;/li&gt;
&lt;li&gt;If the traffic is detected and blocked, the proxy can easily be destroyed and a new one deployed in its place. This is easier than redeploying the C2 server.&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;While deploying a redirector is relatively easy, one of the slow aspects is configuring the proxy rules to only allow legitimate C2 traffic through to the C2 server. This involves reviewing the C2 profile and adding rules to the proxy configuration file based on the User-Agent and each of the HTTP endpoints. Any time the C2 profile changes any of its routes, you would also need to manually update the proxy configuration.&lt;/p&gt;</description>
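<![CDATA[
An added example, not code from the original post or from the tooling it describes: a small generator that reads the User-Agent and HTTP routes out of a C2 profile and emits the matching Caddyfile, so the redirector rules can be regenerated whenever the profile changes instead of being edited by hand. The JSON profile shape (`user_agent`, `get_uri`, `post_uri`, `extra_paths`) is an assumption made for the example; every C2 framework stores its profile differently, so the `parse_profile` function is the part you would adapt.

```python
"""Generate Caddy redirector rules from an HTTP C2 profile description."""
import json

# Constructed profile in an assumed JSON shape; real C2 frameworks each use their own format.
SAMPLE_PROFILE = json.dumps({
    "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
                  "(KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36",
    "get_uri": "/api/v1/status",
    "post_uri": "/api/v1/update",
    "extra_paths": ["/static/app.js", "/api/v1/status"],  # duplicate on purpose
})

# Constructed profile with a relative route, used to show the validation step.
BAD_PROFILE = json.dumps({"user_agent": "curl/8.0", "get_uri": "api/v1/status"})


def parse_profile(profile_json):
    """Pull the User-Agent and the de-duplicated list of absolute routes out of the profile."""
    data = json.loads(profile_json)
    candidates = [data.get("get_uri"), data.get("post_uri")] + list(data.get("extra_paths", []))
    paths = []
    for route in candidates:
        if not route:
            continue
        if not route.startswith("/"):
            raise ValueError("route must be absolute: %r" % route)
        if route not in paths:
            paths.append(route)
    if not data.get("user_agent") or not paths:
        raise ValueError("profile needs a user_agent and at least one route")
    return {"user_agent": data["user_agent"], "paths": paths}


def is_valid_profile(profile_json):
    """True when the profile parses cleanly; used to gate config regeneration."""
    try:
        parse_profile(profile_json)
        return True
    except ValueError:
        return False


def render_caddyfile(profile, site, backend, decoy):
    """Emit a Caddyfile: exact User-Agent plus known routes reach the C2; everything else is redirected."""
    ua = profile["user_agent"].replace('"', '\\"')
    proxy = ["        reverse_proxy " + backend + " {"]
    if backend.startswith("https://"):
        # Team servers are usually fronted with a self-signed certificate, so skip upstream verification.
        proxy += ["            transport http {",
                  "                tls_insecure_skip_verify",
                  "            }"]
    proxy.append("        }")
    lines = [
        site + " {",
        "    @c2 {",
        '        header User-Agent "' + ua + '"',
        "        path " + " ".join(profile["paths"]),
        "    }",
        "    handle @c2 {",
        *proxy,
        "    }",
        "    handle {",
        "        redir " + decoy + "{uri} 302",
        "    }",
        "}",
    ]
    return "\n".join(lines) + "\n"


def build_redirector_config(profile_json, site, backend, decoy):
    """Parse the profile and render the Caddyfile in one step."""
    return render_caddyfile(parse_profile(profile_json), site, backend, decoy)


if __name__ == "__main__":
    print(build_redirector_config(SAMPLE_PROFILE, "cdn.example.com",
                                  "https://10.0.0.5:443", "https://www.example.com"))
```

The named matcher `@c2` ANDs its conditions, so a request has to carry the exact User-Agent and hit one of the profile's routes before it is proxied; scanners and casual browsers fall through to the second `handle` and get bounced to the decoy site. Because the User-Agent match is exact, a profile change that is not followed by a regeneration silently cuts the implants off, which is the reason to drive the config from the profile rather than maintain it by hand.
]]>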
      
    </item>
    
    <item>
      <title>Okta Phishing Detection</title>
      <link>https://blog.lum8rjack.com/posts/okta-phishing-detection/</link>
      <pubDate>Wed, 07 Feb 2024 00:00:00 +0000</pubDate>
      
      <guid>https://blog.lum8rjack.com/posts/okta-phishing-detection/</guid>
      
      <description>&lt;p&gt;Phishing is still one of the common methods threat actors utilize to breach companies. Most phishing attacks try tricking the victim into revealing sensitive information or downloading and executing malicious attachments and files.&lt;/p&gt;
&lt;p&gt;During many of the phishing engagements I have performed, I tend to target organization’s identity and access management services. Okta is one common service that is widely used across the industry and, if compromised, can provide access to many other services in the organization. While Okta and other
services tend to have multifactor authentication (MFA) enabled, users can still be compromised despite this protection.&lt;/p&gt;</description>
      
    </item>
    
    <item>
      <title>How to Protect Infrastructure During Penetration Testing</title>
      <link>https://blog.lum8rjack.com/posts/protect-infrastructure/</link>
      <pubDate>Thu, 28 Dec 2023 00:00:00 +0000</pubDate>
      
      <guid>https://blog.lum8rjack.com/posts/protect-infrastructure/</guid>
      
      <description>&lt;h2 id=&#34;how-to-protect-infrastructure-during-penetration-testing&#34;&gt;How to Protect Infrastructure During Penetration Testing&lt;/h2&gt;
&lt;p&gt;Blog post here: &lt;a href=&#34;https://www.schellman.com/blog/cybersecurity/how-to-protect-infrastructure-during-pen-testing&#34;&gt;https://www.schellman.com/blog/cybersecurity/how-to-protect-infrastructure-during-pen-testing&lt;/a&gt;&lt;/p&gt;</description>
      
    </item>
    
    <item>
      <title>How to Use Entropy in Penetration Testing</title>
      <link>https://blog.lum8rjack.com/posts/entropy-analysis/</link>
      <pubDate>Thu, 27 Oct 2022 00:00:00 +0000</pubDate>
      
      <guid>https://blog.lum8rjack.com/posts/entropy-analysis/</guid>
      
      <description>&lt;h2 id=&#34;how-to-use-entropy-in-penetration-testing&#34;&gt;How to Use Entropy in Penetration Testing&lt;/h2&gt;
&lt;p&gt;Blog post here: &lt;a href=&#34;https://www.schellman.com/blog/cybersecurity/penetration-testing-methods-entropy&#34;&gt;https://www.schellman.com/blog/cybersecurity/penetration-testing-methods-entropy&lt;/a&gt;&lt;/p&gt;</description>
      
    </item>
    
    <item>
      <title>Function Hooking Part 3 - Frida</title>
      <link>https://blog.lum8rjack.com/posts/function-hooking-part-3/</link>
      <pubDate>Sun, 06 Feb 2022 00:00:00 +0000</pubDate>
      
      <guid>https://blog.lum8rjack.com/posts/function-hooking-part-3/</guid>
      
      <description>&lt;p&gt;This post will wrap up the function hooking series. You can view the previous posts here:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;&lt;a href=&#34;https://blog.lum8rjack.com/posts/function-hooking-part-1/&#34;&gt;Function Hooking Part 1 - Test Program&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href=&#34;https://blog.lum8rjack.com/posts/function-hooking-part-2/&#34;&gt;Function Hooking Part 2 - Password Safe&lt;/a&gt;&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;In this post I will show another method you can use to hook functions. Instead of writing an injector and DLL in C++, I will be using a tool called Frida that allows you to do the same with Python and JavaScript.&lt;/p&gt;</description>
      
    </item>
    
    <item>
      <title>Function Hooking Part 2 - Password Safe</title>
      <link>https://blog.lum8rjack.com/posts/function-hooking-part-2/</link>
      <pubDate>Sat, 06 Feb 2021 00:00:00 +0000</pubDate>
      
      <guid>https://blog.lum8rjack.com/posts/function-hooking-part-2/</guid>
      
      <description>&lt;p&gt;In this post I will expand on the information from my first post, &lt;a href=&#34;https://blog.lum8rjack.com/posts/function-hooking-part-1/&#34;&gt;Function Hooking Part 1 - Test Program&lt;/a&gt;. Previously, I discussed hooking a function from a custom application, in this post I will be hooking a function in the open-source password manager &lt;a href=&#34;https://pwsafe.org/&#34;&gt;Password Safe&lt;/a&gt;.&lt;/p&gt;
&lt;p&gt;As you can image, password managers are valuable targets during red team engaments since they contain additional credentials for other services or computers. If the main password to open the database is known or obtained, then all of the other credentials in the database are compromised.&lt;/p&gt;</description>
      
    </item>
    
    <item>
      <title>Function Hooking Part 1 - Test Program</title>
      <link>https://blog.lum8rjack.com/posts/function-hooking-part-1/</link>
      <pubDate>Sun, 31 Jan 2021 00:00:00 +0000</pubDate>
      
      <guid>https://blog.lum8rjack.com/posts/function-hooking-part-1/</guid>
      
      <description>&lt;p&gt;I have recently been spending time learning more about reverse engineering and patching applications including fixing older programs that I do not have the source code for. I&amp;rsquo;ve started looking into function hooking and identifying how it works and different scenarios I could use it. There are a ton of articles online but most of them do not provide simple examples for starters or are focused on Windows API. While Windows API hooking is useful, I am more interested in hooking higher level functions.&lt;/p&gt;</description>
      
    </item>
    
    <item>
      <title>Reverse Engineering C3000Z</title>
      <link>https://blog.lum8rjack.com/posts/c3000z/</link>
      <pubDate>Tue, 18 Aug 2020 00:00:00 +0000</pubDate>
      
      <guid>https://blog.lum8rjack.com/posts/c3000z/</guid>
      
      <description>&lt;p&gt;The following post goes through the steps I took to reverse engineer different binaries in routers with the goal of decrypting an encoded password.&lt;/p&gt;
&lt;p&gt;I recently switched internet providers and was given a new modem/router. When the technician came to setup my service, the device was already configured and just needed plugged in. I was planning on switching out the device with my old router, since I already had firewall rules and static routes configured, however when I logged into the new device I noticed it was configured to use PPoE to connect to the ISP. I could see the username but the password was not visable. I was able to find an option to backup the settings to a configuration file hoping it would store the password in plain text, unfortunately the password was encrypted. Instead of calling the ISP to get the credentials, I figured I would first try to figure out a way to decrypt the password. This process not only helped teach me about reverse engineering, but also about testing IoT devices and what can be found in the firmware.&lt;/p&gt;</description>
      
    </item>
    
    <item>
      <title>Whoami</title>
      <link>https://blog.lum8rjack.com/about/</link>
      <pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
      
      <guid>https://blog.lum8rjack.com/about/</guid>
      
      <description>&lt;p&gt;I&amp;rsquo;ve spent 10+ years in cybersecurity performing penetration testing, web application assessments, and red and purple team engagements. This blog is where I write up tooling, research, and techniques I&amp;rsquo;ve built or used in the field. This includes things like C2 infrastructure, offensive tooling, reverse engineering, and red team workflows.&lt;/p&gt;
&lt;h2 id=&#34;what-youll-find-here&#34;&gt;What you&amp;rsquo;ll find here&lt;/h2&gt;
&lt;ul&gt;
&lt;li&gt;Red team infrastructure and C2 tooling&lt;/li&gt;
&lt;li&gt;Offensive research and technique write-ups&lt;/li&gt;
&lt;li&gt;Open source projects and automation scripts&lt;/li&gt;
&lt;/ul&gt;
&lt;h2 id=&#34;certifications&#34;&gt;Certifications&lt;/h2&gt;
&lt;ul&gt;
&lt;li&gt;Offensive Security Certified Professional (OSCP)&lt;/li&gt;
&lt;li&gt;Web Application Penetration Tester Extreme (eWPTX)&lt;/li&gt;
&lt;li&gt;GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)&lt;/li&gt;
&lt;li&gt;Microsoft Certified: Azure Fundamentals (AZ-900)&lt;/li&gt;
&lt;li&gt;Offensive Security Experienced Penetration Tester (OSEP)&lt;/li&gt;
&lt;li&gt;Certified Information Systems Security Professional (CISSP)&lt;/li&gt;
&lt;/ul&gt;</description>
      
    </item>
    
  </channel>
</rss>
