How to Pull Wireless Credentials with the Bash Bunny
Sally Vandeven // All of the BHIS testers are pretty geeked about Hak5’s newest toy — the Bash Bunny. Last week, Jordan blogged about the USB Exfiltration payload. Today I […]
Red Team Tools
How to Get USB_Exfiltration Payload Using the Bash Bunny
Jordan Drysdale // This is a super quick write-up on the first very useful payload we tested and confirmed as 100% reliable on all Windows systems (XP-SP3+) with PowerShell enabled. […]
How to DIY a Mobile Hacking Platform – Kali NetHunter on a Rooted Nexus7
Derek Banks // As pentesters, it is probably not a surprise that we tend to make fairly heavy use of Kali Linux on a fairly regular basis. The folks at Offensive […]
Power Posing with PowerOPS
Brian Fehrman // As described in my last blog post, Powershell Without Powershell – How To Bypass Application Whitelisting, Environment Restrictions & AV (sheeesh…it’s been a bit!), we are seeing more environments in […]
How to Bypass Anti-Virus to Run Mimikatz
Carrie Roberts // * Would you like to run Mimikatz without Anti-Virus (AV) detecting it? Recently I attempted running the PowerShell script “Invoke-Mimikatz” from PowerSploit on my machine but it was […]
Domain User Enumeration
Chevy Swanson // Everyone loves being able to speed up their work with custom tools, but the clear problem is that computers are a bit too fussy about everything being perfect […]
Domain Password Audit Tool
Carrie Roberts // A tool to generate password usage statics in a Windows domain based on hashes dumped from a domain controller. The Domain Password Audit Tool (DPAT) is a […]
WEBCAST: Exchange and OWA attacks – Step by Step
Here’s our webcast with Beau Bullock, Brian Fehrman & Carrie Roberts from Tuesday, November 29.
Bugging Microsoft Files: Part 3 – Clearing Metadata
Ethan Robish // In my last two posts I showed how to insert tracking bugs in both .docx (Part 1) and .xlsx files (Part 2). But don’t let all that effort go […]