Domain User Enumeration
Chevy Swanson // Everyone loves being able to speed up their work with custom tools, but the clear problem is that computers are a bit too fussy about everything being perfect […]
WEBCAST: How Threat Intelligence Can Go Wrong
The webcast John did with Paul and Security Weekly a few weeks ago. Better late than never though, are we right??
WEBCAST: Threat Hunting Using Open Source Software Bro Part 1
A bit delayed but here is the webcast John did with Security Weekly and Endgame about Threat Hunting on 11/15/16.
Domain Password Audit Tool
Carrie Roberts // A tool to generate password usage statics in a Windows domain based on hashes dumped from a domain controller. The Domain Password Audit Tool (DPAT) is a […]
WEBCAST: Exchange and OWA attacks – Step by Step
Here’s our webcast with Beau Bullock, Brian Fehrman & Carrie Roberts from Tuesday, November 29.
Malicious Outlook Rules in Action
Carrie Roberts // Getting a shell using a malicious Outlook rule is an awesome tool during a pentest and great fun! Nick Landers had a great post including enough information to make […]
How to Increase the Minimum Character Password Length (15+) Policies in Active Directory
Kent Ickler // As a start to a series on Windows Administration in the eyes of a security-conscious “Windows Guy” I invite you on configuring AD DS PSOs (Password Security […]
Using PowerShell Empire with a Trusted Certificate
Carrie Roberts* // Using a trusted certificate and non-default Empire options will help increase your chances of getting a successful session out of a network. Follow these instructions to get […]
Bugging Microsoft Files: Part 3 – Clearing Metadata
Ethan Robish // In my last two posts I showed how to insert tracking bugs in both .docx (Part 1) and .xlsx files (Part 2). But don’t let all that effort go […]