Search Results for: password

Author, Beau Bullock, External/Internal, Red Team Beau Bullock, FindPeople, Get-GlobalAddressList, Invoke-PasswordSprayOWA, InvokePasswordSprayEWS, MailSniper, OWA, updates

Attacking Exchange with MailSniper

Beau Bullock // I’ve added in a few modules to MailSniper that will assist in remote attacks against organizations that are hosting an externally facing Exchange server (OWA or EWS). Specifically, […]

Read the entire post here

Author, InfoSec 101, John Strand how John got bitter, Life Lessons, Pentesting, pentesting lessons, when in doubt ask

Ten years later… Memories from Pentesting Past

John Strand // So, I have passed the timeframe where I have been actively penetration testing for over a decade…. I have a large number of pretty strongly held beliefs […]

Read the entire post here

Author, Beau Bullock, External/Internal, Red Team Beau Bullock, hunting, Pentesting, pillaging, red teaming, sensitive info, yolo

Introducing MailSniper: A Tool For Searching Every User’s Email for Sensitive Data

Beau Bullock // TL;DR MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords, insider intel, network architecture information, etc.). It […]

Read the entire post here

Author, How-To, Jordan Drysdale cloaking, goSecure, great success, IADGov, magical time, non-attrib, raspberry Pi, VPN

Turning a Raspberry Pi 3 Into a Cloaking Device With goSecure VPN

Jordan Drysdale // This article, like the IADGov link here has three major steps. First, acquire a Raspberry Pi and a VPS running CentOS 6.8. Second, configure the server and Raspberry […]

Read the entire post here

InfoSec 201 fun with social networks, kony2012, social engineering, social media mining

Mining Mary’s Social Media Antics for Social Engineering

Christine Sorensen // Let’s talk about Mary. Mary Watson is a girl in her twenties and just graduated from Midtown University with her bachelors in Fashion Merchandising. Mary is now […]

Read the entire post here

External/Internal, Red Team Burp, Duct Tape, Mechanical Engineering, password spraying, pen-testing

Downloading an Address Book from an Outlook Web App (OWA) Portal

Carrie Roberts //  Update 10/03/16: Want to download the address book automatically with PowerShell? Check out Beau Bullocks latest additions to MailSniper As part of a penetration test, you’ve gained access […]

Read the entire post here

Author, InfoSec 201, Jordan Drysdale apricorn, bash history, evading content filters with SSH, exif-tool, histcontrol, peach jam, personal google maintenance, photo scrubbing, pickles, yubico, yubikey

Reminders – Simple Security and Finding Sanity In the Digital Age

Jordan Drysdale // As I wander through life, in what now seems like a world gone entirely mad, disconnecting from digital is my newest hobby. Information overload constantly smashes us […]

Read the entire post here

How-To Azure, Bash Commands, Linux, phishing, PowerShell, Social Engineering Toolkit, Windows, Windows10

Time To Bash on Windows (Bourne Again Shell That Is)

Editor’s Note: This is another awesome guest post from our friend, Robert Schwass. If you’d like to guest post contact us here. Robert Schwass // I had heard the rumors about […]

Read the entire post here

Author, Beau Bullock, Red Team, Red Team Tools Beau Bullock, build your own, hardware hacking, pen-testing, red teaming

How to Build Your Own Penetration Testing Drop Box

Beau Bullock // TL;DR I compared three single-board computers (SBC) against each other with a specific goal of finding which one would serve best as a “penetration testing dropbox”, and […]

Read the entire post here