Book Review: “Red Team – How to Succeed by Thinking Like the Enemy”
Brian B. King // Red Teaming is one of those terms popping up all over the place lately, and it seems to mean different things to different people. Is it […]
Pentesting
Storm Chasing: How We Hacked Your Cloud
Beau Bullock // Overview The traditional methodology of a remote attacker who has no preconceptions of a target network used to be fairly static. With organizations moving to “the cloud”, […]
Phishing with PowerPoint
Carrie Roberts & Chevy Swanson // How do we make sure people open up our malicious files and execute them? We simply let Microsoft work for years and years to gain […]
Internal Pivot, Network Enumeration, & Lateral Movement
Joff Thyer // Picture a scenario whereby you are involved in an internal network penetration test. Perhaps you have succeeded with a spear-phishing campaign and landed on an internal system, […]
EyeWitness and Why It Rocks
Brian Fehrman // External and Internal vulnerability scans are often part of any penetration test. Automated scanning tools, however, can’t always find the “good stuff.” Many times, some of the […]
How to Test for Open Mail Relays
Carrie Roberts // *Guest Blog It is important to ensure that your external mail servers are properly configured to not support open relaying of mail. An open mail relay can […]
Pentesting with Linked Clones
Brian B. King // If working with several customers at once, or in succession, it would be easy to lose track of whose data you’re looking at, or to include […]
Pentesting ASP.NET Cookieless Sessions with Burp
Carrie Roberts & Brian King // We were recently testing a web application that used ASP.NET cookieless sessions. This meant that the session token was part of the URL as shown in the […]