Search Results for: password

Author, Beau Bullock, Blue Team, Blue Team Tools, Brian Fehrman Cred Defense Tool Kit, CredDefense, CredDefense Toolkit, event log consolidation, hardening accounts, kerberoasting, password auditing, password spraying, Pentesting, ResponderGuard

The CredDefense Toolkit

Derek Banks, Beau Bullock, & Brian Fehrman // Our clients often ask how they could have detected and prevented the post-exploitation activities we used in their environment to gain elevated […]

Read the entire post here

Author, Jordan Drysdale, Red Team, Wireless GPS'd SSIDs, Kismet, raspberry Pi, Wireless

How to: From WarDriving to SSIDs on Google Maps with Latitude/Longitude

Jordan Drysdale // Step 1: Build your capture rig RPi3, Kali, Battery Packs, 2 x supported wifi card of your choosing (I used the Alfa Black for this run). My finished product: Solar Battery […]

Read the entire post here

How-To Blue Team, blue teaming, C2, C2 Infrastructure, Digital Ocean, Let's Encrypt, pen-testing, penetration testing, Red Team, red teaming, SSH configuration

How to Build a C2 Infrastructure with Digital Ocean – Part 1

Lee Kagan* // Deploying an offensive infrastructure for red teams and penetration tests can be repetitive and complicated. One of my roles on our team is to build-out and maintain […]

Read the entire post here

Author, Blue Team, Blue Team Tools, Derek Banks, Joff Thyer, Webcasts Breadcrumb Trails, elasticsearch, Endpoint Monitoring, kibana, Logstash, Monitoring, NXlog, Sysmon

How To Do Endpoint Monitoring on a Shoestring Budget – Webcast Write-Up

Joff Thyer & Derek Banks // Editor’s Note: This is a more in-depth write-up based on the webcast which can be watched here. As penetration testers, we often find ourselves […]

Read the entire post here

Author, How-To, Kent Ickler Cacti, data, go hug a cactus, Kent Ickler, Net Admin, Network monitoring, switches, Ubuntu

How to Install Cacti 1.1.10 on Ubuntu 16.04

Kent Ickler // What is Cacti? Cacti is a network system that inputs system-generated quantifiable data and presents the data in spiffy graphs. Net-Admin In the Net-Admin world, it gives […]

Read the entire post here

Author, How-To, Kent Ickler Benchmarks, Hashcat Benchmarks, Kent Ickler, Nvidia GTX, Password Cracker, The Kraken

Hashcat Benchmarks for Nvidia GTX 1080TI & GTX 1070 Hashcat Benchmarks

Kent Ickler // In my last post, I was building a password cracking rig and updating an older rig with new GPU cards. I struggled during the design process to […]

Read the entire post here

Author, David Fletcher, External/Internal, Red Team, Red Team Tools network traffic, Network Vulnerabilities, NetworkRecon.ps1, tools

How to Identify Network Vulnerabilities with NetworkRecon.ps1

David Fletcher //   Whenever I have the opportunity, I like to perform packet collection on a test for about five minutes so I can analyze the results and look […]

Read the entire post here

Author, External/Internal, Red Team, Red Team Tools, Sally Vandeven AD Explorer, DA, domain admin, Pentesting, Shodan

Domain Goodness – How I Learned to LOVE AD Explorer

Sally Vandeven // OR How to Pentest with AD Explorer! Mark Russinovich’s Sysinternals tools (Microsoft) are nothing new. They have been a favorite among system administrators for many, many years. […]

Read the entire post here

Author, Derek Banks, External/Internal, Red Team kerberoasting, Kerberos

A Toast to Kerberoast

Derek Banks // This post will walk through a technique to remotely run a Kerberoast attack over an established Meterpreter session to an Internet-based Ubuntu 16.04 C2 server and crack […]

Read the entire post here