External/Internal

External/Internal, Red Team, Red Team Tools Gold Paper, Internal Pen Test, Pivot, Vulnerabilities, XML External Entity, XXE

XML External Entity – Beyond /etc/passwd (For Fun & Profit)

Robert Schwass*//   Last week I was asked twice in one day if I knew what XML External Entity (XXE) Vulnerabilities were. Maybe they are making a comeback in mainstream security […]

Read the entire post here

External/Internal, Red Team, Red Team Tools EyeWitness, good to know, handy dandy, penetration testing, Pentesting, screenshots, tool

Web Server Screenshots with a Single Command

Carrie Roberts // EyeWitness is a handy tool developed by Chris Truncer for grabbing web browser screenshots from a list of URLs. Especially handy for pen-testers is its ability to create […]

Read the entire post here

Author, Beau Bullock, External/Internal, Red Team email attack, MailSniper, Microsoft, Microsoft Exchange, MS, Office365, OWA, pen-testing, tools

Abusing Exchange Mailbox Permissions with MailSniper

Beau Bullock // Overview Microsoft Exchange users have the power to grant other users various levels of access to their mailbox folders. For example, a user can grant other users […]

Read the entire post here

External/Internal, Red Team, Web App Apache Struts, Unauthenticated Remote Code Execution

Strutting your stuff – Unauthenticated Remote Code Execution

Carrie Roberts // Unauthenticated Remote Code Execution? A hacker’s best friend. And that is what we have with CVE-2017-5638 Apache Struts with working exploit code here: https://github.com/rapid7/metasploit-framework/issues/8064 Save the exploit […]

Read the entire post here

External/Internal, Red Team 2FA, ask and it will be given to you, bypassing 2fa, help desk, helpful help desk, MailSniper, OWA, password policy, passwords, pen-testing, penetration testing, pentest, Pentesting, two-factor, VPN

How to Bypass Two-Factor Authentication – One Step at a Time

Sally Vandeven // Back in November Beau Bullock wrote a blog post describing how his awesome PowerShell tool MailSniper can sometimes bypass OWA portals to get mail via EWS if […]

Read the entire post here

Author, Beau Bullock, External/Internal, Red Team, Red Team Tools, Webcasts Email, MS, OWA, Vulnerabilities

WEBCAST: Exchange and OWA attacks – Step by Step

Here’s our webcast with Beau Bullock, Brian Fehrman & Carrie Roberts from Tuesday, November 29.

Read the entire post here

External/Internal, How-To, Red Team Outlook

Malicious Outlook Rules in Action

 Carrie Roberts // Getting a shell using a malicious Outlook rule is an awesome tool during a pentest and great fun! Nick Landers had a great post including enough information to make […]

Read the entire post here

External/Internal, Red Team Carrie Roberts, Let's Encrypt, PowerShell, PowerShell Empire, Trusted Certificate

Using PowerShell Empire with a Trusted Certificate

Carrie Roberts* // Using a trusted certificate and non-default Empire options will help increase your chances of getting a successful session out of a network. Follow these instructions to get […]

Read the entire post here

Author, Beau Bullock, External/Internal, Red Team 2FA, Beau Bullock, Email, EWS, MailSniper, Microsoft, Outlook, OWA, OWA portal, Vulnerabilities

Bypassing Two-Factor Authentication on OWA & Office365 Portals

Beau Bullock // Full Disclosure: Black Hills Information Security believes in responsible disclosure of vulnerabilities. This vulnerability was reported to Microsoft on September 28th, 2016. As of the publication date of […]

Read the entire post here