Red + Blue = Purple
David Fletcher & Sally Vandeven // We gave a presentation at the GrrCon hacker conference in Grand Rapids, MI on October 6, 2016. The presentation was a dialogue meant to illustrate the […]
David Fletcher & Sally Vandeven // We gave a presentation at the GrrCon hacker conference in Grand Rapids, MI on October 6, 2016. The presentation was a dialogue meant to illustrate the […]
David Fletcher // Reporting is a penetration testing topic that doesn’t have a whole lot of popularity. People have a hard time being inspired to write about the technical details of […]
David Fletcher // Weak NTFS permissions can allow a number of different attacks within a target environment. This can include: Access to sensitive information Modification of system binaries and configuration […]
Beau Bullock // I’ve added in a few modules to MailSniper that will assist in remote attacks against organizations that are hosting an externally facing Exchange server (OWA or EWS). Specifically, […]
Beau Bullock // TL;DR MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords, insider intel, network architecture information, etc.). It […]
Guest post* by Robert Schwass // We’ve all been there. You craft the perfect phishing email, register a great domain name, your multi handler is set up ever so perfectly. And […]
Carrie Roberts // Update 10/03/16: Want to download the address book automatically with PowerShell? Check out Beau Bullocks latest additions to MailSniper As part of a penetration test, you’ve gained access […]
Sally Vandeven // I found myself with a little extra time one day (and I didn’t tell my project manager) so I thought it would be a great time to […]
Brian Fehrman (With shout outs to: Kelsey Bellew, Beau Bullock) // In a previous blog post, we talked about bypassing AV and Application Whitelisting by using a method developed by Casey Smith. In […]