External/Internal

External/Internal, How-To, Informational, Red Team BHIS, Black Hills Information Security, Carrie Roberts, RDP, SSH

The RDP Through SSH Encyclopedia

Carrie Roberts //* I have needed to remind myself how to set up RDP access through an SSH connection so many times that I’ve decided to document it here for […]

Read the entire post here

Author, Blue Team, External/Internal, Finding, Jordan Drysdale, Red Team BlueTeam, Cisco, External Pentest, internal pentest, Inventory, Jordan Drysdale, Nessus, RedTeam, SIET

Cisco Smart Installs and Why They’re Not “Informational”

Jordan Drysdale // tl;dr Cisco Smart Install is awesome (on by default)…for hackers… not sysadmins. So, you Nessus too? Criticals and highs are all that matter! Right??? Until this beauty […]

Read the entire post here

Author, External/Internal, How-To, Informational, InfoSec 201, Kent Ickler, Password Cracking, Wireless Cheat Sheet, Cracking, dictionary, Hashcat, Hashing, Jordan Drysdale, Password cracking

Hashcat 4.10 Cheat Sheet v 1.2018.1

Kent Ickler // It seemed like we were always cross-referencing the Hashcat Wiki or help file when working with Hashcat. We needed things like specific flags, hash examples, or command […]

Read the entire post here

Author, External/Internal, How-To, Kent Ickler, Password Cracking AES, CeWL, decrypt, dictionary, encryption, Exce, Hashcat, John the Ripper, JTR, Kent Ickler, LinkedIn, microsoft office, Office, SHA, wordlist

How to Crack Office Passwords with a Dictionary

Kent Ickler// TLDR: We use a custom dictionary to crack Microsoft Office document encryption.  Then we use a custom dictionary for pwnage in LinkedIn hash database. Background: I recently got […]

Read the entire post here

Author, External/Internal, Jordan Drysdale, Phishing, Red Team Burner Devices, Digital Ocean, Jordan Drysdale, non-attrib, privacy, Red Team, Tracfone

The Non-Attrib Starterpack!

Jordan Drysdale // Let’s start this post at Walmart. Yes, the visit may be attributable against the purchaser via security camera footage retrieved by warrant, so hand your wife/husband/confidant/whomever a […]

Read the entire post here

C2, External/Internal, General InfoSec Tips & Tricks, How-To, InfoSec 201, InfoSec 301, Red Team, Red Team Tools, Social Engineering C2, C2 Infrastructure, C2K, command and control, Digital Ocean

How to Build a Command & Control Infrastructure with Digital Ocean: C2K Revamped

Lee Kagan* // Expanding upon the previous post in this series, I decided to rewrite C2K (find it here) to change its behavior and options for the user. In this […]

Read the entire post here

Author, External/Internal, How-To, Jordan Drysdale, Web App Digital Ocean, Jordan Drysdale, Nessus, Vulnerability Scanning

How to Scan Millions of IPv4 Addresses for Vulnerabilities

Jordan Drysdale// Some days are not like others. Some days, you might get tasked with scanning a million IP addresses. Here’s how I did it: Let’s go through some finer […]

Read the entire post here

Author, Brian Fehrman, External/Internal, Red Team Application Whitelisting, escalated, penetration testing, Pentesting, privilege escalation, whitelisting, Windows, Windows Privilege Escalation

Digging Deeper into Vulnerable Windows Services

Brian Fehrman // Privilege escalation is a common goal for threat actors after they have compromised a system. Having elevated permissions can allow for tasks such as: extracting local password-hashes, […]

Read the entire post here

Author, David Fletcher, External/Internal, Red Team, Red Team Tools network traffic, Network Vulnerabilities, NetworkRecon.ps1, tools

How to Identify Network Vulnerabilities with NetworkRecon.ps1

David Fletcher //   Whenever I have the opportunity, I like to perform packet collection on a test for about five minutes so I can analyze the results and look […]

Read the entire post here