After initially accessing an internal network during a penetration test, you need to find out what the Active Directory (AD) infrastructure looks like. Here, we’re going to examine methods for this process from both Windows and Linux, so you have an approach in your back pocket that fits your needs.
Given how often we see this tactic used, we’re going to break down the basics. We want to help you understand how password spraying works, along with some effective steps you can take to prevent it from being used against your organization.
What is password spraying?
Recently, one of the most significant Microsoft Windows vulnerabilities since Eternal Blue (MS17-010) was brought to light. We’re going to show you how to exploit it during a pentest.
This walkthrough shows you how to exploit the Zerologon vulnerability to gain domain admin during a pentest.
When we launch continuous penetration testing in a new network, we don't want to raise suspicion of our presence. For one thing, we may be able to get credentials without doing anything intrusive at all.
We break down how to do it, along with a few of our favorite tools you can use.
In this article I show you how to create small containers that use up-to-date tools. By default, the Golang Docker container at its smallest is 123 MB. While seemingly small, this can result in annoying latency and slowness when deploying new tooling at scale...
In part 2 we go beyond autossh and create an OpenVPN server that our dropboxes and pentesters will connect to. We'll walk through the configurations and certificates needed for seamless connectivity.
Setting up and managing a pentest dropbox infrastructure should be simple, reliable, and versatile. In part 1 we'll show you the hardware options, and in part 2 we'll go beyond autossh and create an OpenVPN environment that reduces time spent managing remote network connectivity.
This is the start of a series I'm calling Autored. My goal is to quickly stand up temporary systems I commonly use during an engagement. In this post I'll cover how to deploy an Empire server in AWS in less than 3 minutes from the command line.
- Traditional pentesting v. continuous pentesting
- Never stop frontin: How to quickly setup a redirector and transparent reverse proxy
- CPT in the wild: 3 real-world examples that prove its value
- The ultimate tag team: PetitPotam and ADCS pwnage from Linux
- #PrintNightmare – Is your company protected from this Print Spooler vulnerability?