Cybersecurity Blog

After initially accessing an internal network during a penetration test, you need to find out what the Active Directory (AD) infrastructure looks like. Here, we’re going to examine methods for this process from both Windows and Linux, so you have an approach in your back pocket that fits your needs.

Read More...

Given how often we see this tactic used, we’re going to break down the basics. We want to help you understand how password spraying works, along with some effective steps you can take to prevent it from being used against your organization.

What is password spraying?

Read More...

Recently, one of the most significant Microsoft Windows vulnerabilities since Eternal Blue (MS17-010) was brought to light. We’re going to show you how to exploit it during a pentest.

This walkthrough shows you how to exploit the Zerologon vulnerability to gain domain admin during a pentest.

Read More...

When we launch continuous penetration testing in a new network, we don't want to raise suspicion of our presence. For one reason, we may be able to get credentials without doing anything intrusive at all.

We break down how to do it, along with a few of our favorite tools you can use.

Read More...

There are cybersecurity phishing streams & threats constantly growing and evolving. Email spam is no longer the front line of the battlefield. Here are 3 new phishing streams beyond email - and how to safeguard them.

Read More...

In this article I show you how to create small containers that use up to date tools. By default, the Golang Docker container at its smallest is 123 MB. While seemingly small, this can result in annoying latency and slowness when deploying new tooling at scale...

Read More...

You need more value out of your pentests. The traditional point-in-time testing isn't cutting it. Continuous penetration testing brings an innovative methodology that better protects you and your business. This post covers the key benefits that continuous testing provides...

Read More...

These are the steps to provision a dropbox using OpenVPN to management remote connectivity.

Read More...

In part 2 we go beyond autossh and create a OpenVPN server that our dropboxes and pentesters will connect to. We'll walk through configurations and certificates needed for seamless connectivity.

Read More...

Setup and managing a pentest dropbox infrastructure should be simple, reliable, and versatile. In part 1 we'll show you the hardware options, and in part 2 we'll go beyond autossh and create a OpenVPN environment that reduces time spent managing remote network connectivity.

Read More...