External/Internal

Alyssa Snow, Blue Team, External/Internal, General InfoSec Tips & Tricks, How-To, Informational, InfoSec 101, Red Team Active Directory, ADCS, exploit

Abusing Active Directory Certificate Services (Part 3)

| Alyssa Snow In PART ONE and PART TWO of this blog series, we discussed common misconfigurations of Active Directory certificate templates. In this post, we will walk through exploitation […]

Read the entire post here

Alyssa Snow, Blue Team, External/Internal, How-To, Informational, Red Team, Red Team Tools Active Directory, exploit

Abusing Active Directory Certificate Services – Part 2

| Alyssa Snow Misconfigurations in Active Directory Certificate Services (ADCS) can introduce critical vulnerabilities into an Enterprise Active Directory environment, such as paths of escalation from low privileged accounts to […]

Read the entire post here

How Attackers Use SSH.exe as a Backdoor Into Your Network (5)

Alyssa Snow, Blue Team, External/Internal, How-To, Informational, Red Team, Red Team Tools Active Directory, exploit

Abusing Active Directory Certificate Services – Part One

| Alyssa Snow Active Directory Certificate Services (ADCS)1 is used for public key infrastructure in an Active Directory environment. ADCS is widely used in enterprise Active Directory environments for managing […]

Read the entire post here

External/Internal, How-To, Informational, Justin Angel Exfil

Evasive File Smuggling with Skyhook

ImposterKeanu // Introduction This blog post introduces the reader to “The Obfuscation Hustle”, a term I enjoy using to describe the tedious process of obfuscating and delivering files to corporate […]

Read the entire post here

Alyssa Snow, External/Internal, General InfoSec Tips & Tricks, How-To, Informational, Recon, Web App

Gowitness, a Tester’s Time Saver

Alyssa Snow // During an external or internal network penetration test, it can be challenging to comb through each web server in scope to find the juicy stuff. During a […]

Read the entire post here

Dale Hobbs, External/Internal, How-To, Informational, InfoSec 201 IPv6, Machine-in-the-Middle, MITM6, ntlmrelayx, Replication-Get-Changes-All

MITM6 Strikes Again: The Dark Side of IPv6

Dale Hobbs // As the world becomes increasingly connected through the internet, cyber attacks have become more sophisticated and prevalent. One type of attack that you may not have heard […]

Read the entire post here

External/Internal, How-To, Mobile, Password Spray, Red Team, Sean Verity, Web App

How to Build a Pentest Robot With Selenium IDE

Have you ever been on a pentest and thought to yourself, “I wish I had a robot to do this testing for me right now cuz this is just too much work”?

Read the entire post here

Daniel Pizarro, External/Internal, General InfoSec Tips & Tricks, Informational, LLMNR, Password Cracking, Password Spray, Recon, Red Team, Red Team Tools, Web App Cybersecurity Certification, PNPT

PNPT: Certification Review

Daniel Pizarro // What is the PNPT? The Practical Network Penetration Tester (PNPT), created by TCM Security (TCMS), is a 5-day ethical hacking certification exam that assesses a pentester’s ability […]

Read the entire post here

Author, Dale Hobbs, External/Internal, How-To, Informational, InfoSec 201, Recon Community Strings, Default, SNMP

SNMP… Strings Attached!

Dale Hobbs // One thing that I almost always find when performing an internal network penetration test is Simple Network Management Protocol (SNMP) configured with default community strings. Simple Network […]

Read the entire post here

‹ 1 2 3 4 ›»