WEBCAST: A Powerful New Tool – PowerLine!
Brian Fehrman // Running into environments where the use of PowerShell is being monitored or is just flat-out disabled? Have you tried out the fantastic PowerOps framework but are wishing […]
Towards a Quieter Firefox
Brian King // On a recent webapp test, I got a little frustrated with all the extra HTTP requests showing up in my Burpsuite Proxy History from connections that Firefox […]
How to Identify Network Vulnerabilities with NetworkRecon.ps1
David Fletcher // Â Whenever I have the opportunity, I like to perform packet collection on a test for about five minutes so I can analyze the results and look […]
How to Get Malicious Macros Past Email Filters
Carrie Roberts // A malicious macro in a Microsoft Word or Excel document is an effective hacking technique. These documents could be delivered in a variety of […]
Domain Goodness – How I Learned to LOVE AD Explorer
Sally Vandeven // OR How to Pentest with AD Explorer! Mark Russinovich’s Sysinternals tools (Microsoft) are nothing new. They have been a favorite among system administrators for many, many years. […]
WEBCAST: Log File Frequency Analysis with Python
Joff Thyer // Information Security professionals often have reason to analyze logs. Whether Red Team or Blue Team, there are countless times that you find yourself using “grep”, “tail”, “cut”, […]
How to Evade Application Whitelisting Using REGSVR32
Joff Thyer // I was recently working on a Red Team for a customer that was very much up to date with their defenses. This customer had tight egress controls, […]
A Toast to Kerberoast
Derek Banks // This post will walk through a technique to remotely run a Kerberoast attack over an established Meterpreter session to an Internet-based Ubuntu 16.04 C2 server and crack […]
WEBCAST: Attack-n-Crack Wi-Fi
Jordan Drysdale & Kent Ickler // Jordan and Kent demonstrate why there is only ONE correct way to configure your wireless networks. They also talk about the use of a […]