Discovering Active Directory Controllers in your Client Network

After initially accessing an internal network during a penetration test, you need to find out what the Active Directory (AD) infrastructure looks like. Here, we’re going to examine methods for this process from both Windows and Linux, so you have an approach in your back pocket that fits your needs.

Read More...

How to defend against password spraying

Given how often we see this tactic used, we’re going to break down the basics. We want to help you understand how password spraying works, along with some effective steps you can take to prevent it from being used against your organization.

What is password spraying?

Read More...

How to exploit Zerologon (CVE-2020-1472)

Recently, one of the most significant Microsoft Windows vulnerabilities since Eternal Blue (MS17-010) was brought to light. We’re going to show you how to exploit it during a pentest.

This walkthrough shows you how to exploit the Zerologon vulnerability to gain domain admin during a pentest.

Read More...

How to: Execute passive internal recon during continuous penetration testing

When we launch continuous penetration testing in a new network, we don't want to raise suspicion of our presence. For one reason, we may be able to get credentials without doing anything intrusive at all.

We break down how to do it, along with a few of our favorite tools you can use.

Read More...

Creating Small Containers for Penetration Testing

In this article I show you how to create small containers that use up to date tools. By default, the Golang Docker container at its smallest is 123 MB. While seemingly small, this can result in annoying latency and slowness when deploying new tooling at scale...

Read More...

Penetration Testing Dropbox Part 3 - Provisioning

These are the steps to provision a dropbox using OpenVPN to management remote connectivity.

Read More...

Penetration Testing Dropbox Part 2 - VPN Infrastructure

In part 2 we go beyond autossh and create a OpenVPN server that our dropboxes and pentesters will connect to. We'll walk through configurations and certificates needed for seamless connectivity.

Read More...

Penetration Testing Dropbox Part 1 - Hardware

Setup and managing a pentest dropbox infrastructure should be simple, reliable, and versatile. In part 1 we'll show you the hardware options, and in part 2 we'll go beyond autossh and create a OpenVPN environment that reduces time spent managing remote network connectivity.

Read More...

Getting started with MITRE CALDERA

The MITRE CALDERA project is an automated adversary emulation system. It's primary purpose is to execute a series of operations to help determine if adversarial tactics can be detected in your enterprise environment.

Read More...

Autored - Using Terraform to Quickly Launch Empire

This is the start of a series I'm calling Autored. My goal is to quickly stand up temporary systems I commonly use during an engagement. In this post I'll cover how to deploy an Empire server in AWS in less than 3 minutes from the command line.

Read More...