How to Build a Pentest Robot With Selenium IDE
Have you ever been on a pentest and thought to yourself, “I wish I had a robot to do this testing for me right now cuz this is just too much work”?
Red Team
PNPT: Certification Review
Daniel Pizarro // What is the PNPT? The Practical Network Penetration Tester (PNPT), created by TCM Security (TCMS), is a 5-day ethical hacking certification exam that assesses a pentester’s ability […]
Start to Finish: Configuring an Android Phone for Pentesting
Jeff Barbi // *Guest Post Background Unless you’re pentesting mobile apps consistently, it’s easy for your methodologies to fall out of date. Each new version of Android brings with it […]
Forward into 2023: Browser and O/S Security Features
Joff Thyer // Introduction We have already arrived at the end of 2022; wow, that was fast. As with any industry or aspect of life, we find ourselves peering into […]
SNMP… Strings Attached!
Dale Hobbs // One thing that I almost always find when performing an internal network penetration test is Simple Network Management Protocol (SNMP) configured with default community strings. Simple Network […]
New PowerShell History Defense Evasion Technique
Carrie Roberts // PowerShell incorporates the handy feature of writing commands executed to a file to make them easy to refer back to later. This functionality is provided by the […]
Constrained Language Mode Bypass When __PSLockDownPolicy Is Used
Carrie Roberts // PowerShell’s Constrained Language (CLM) mode limits the functionality available to users to reduce the attack surface. It is meant to be used in conjunction with application control […]
Avoiding Memory Scanners
Kyle Avery // Introduction This post compliments a presentation I gave at DEF CON 30 – “Avoiding Memory Scanners: Customizing Malware to Evade YARA, PE-sieve, and More,” which included the […]