Storm Chasing: How We Hacked Your Cloud
Beau Bullock // Overview The traditional methodology of a remote attacker who has no preconceptions of a target network used to be fairly static. With organizations moving to “the cloud”, […]
Beau Bullock // Overview The traditional methodology of a remote attacker who has no preconceptions of a target network used to be fairly static. With organizations moving to “the cloud”, […]
David Fletcher // Have you ever looked at Nessus scan results to find the below in the output? Recently I was on engagement and encountered just this situation. I found […]
Joff Thyer // Picture a scenario whereby you are involved in an internal network penetration test. Perhaps you have succeeded with a spear-phishing campaign and landed on an internal system, […]
Beau Bullock // If you have been even remotely in touch with technology in the past thirty years you have probably heard of this thing called a “firewall”. If not, […]
Brian Fehrman // External and Internal vulnerability scans are often part of any penetration test. Automated scanning tools, however, can’t always find the “good stuff.” Many times, some of the […]
Carrie Roberts // *Guest Blog It is important to ensure that your external mail servers are properly configured to not support open relaying of mail. An open mail relay can […]
Beau Bullock // In this series of posts I am going to detail multiple ways to gain access to domain user credentials without ever being on a target organization’s network. […]
Sally Vandeven // As pentesters we LOVE passwords – they come in all shapes and sizes. A good password has 16+ characters and a mix of case, digits and special […]