After initially accessing an internal network during a penetration test, you need to find out what the Active Directory (AD) infrastructure looks like. Here, we’re going to examine methods for this process from both Windows and Linux, so you have an approach in your back pocket that fits your needs.
Given how often we see this tactic used, we’re going to break down the basics. We want to help you understand how password spraying works, along with some effective steps you can take to prevent it from being used against your organization.
What is password spraying?
Recently, one of the most significant Microsoft Windows
vulnerabilities since Eternal Blue (MS17-010) was brought to light.
We’re going to show you how to exploit it during a pentest.
This walkthrough shows you how to exploit the Zerologon vulnerability to gain domain admin during a pentest.
When we launch continuous penetration testing in a new network, we don't want to raise suspicion of our presence. For one reason, we may be able to get credentials without doing anything intrusive at all.
We break down how to do it, along with a few of our favorite tools you can use.
There are cybersecurity phishing streams & threats constantly growing and evolving. Email spam is no longer the front line of the battlefield. Here are 3 new phishing streams beyond email - and how to safeguard them.
In this article I show you how to create small containers that use up to date tools. By default, the Golang Docker container at its smallest is 123 MB. While seemingly small, this can result in annoying latency and slowness when deploying new tooling at scale...
You need more value out of your pentests. The traditional point-in-time testing isn't cutting it. Continuous penetration testing brings an innovative methodology that better protects you and your business. This post covers the key benefits that continuous testing provides...
In part 2 we go beyond autossh and create a OpenVPN server that our dropboxes and pentesters will connect to. We'll walk through configurations and certificates needed for seamless connectivity.
Setup and managing a pentest dropbox infrastructure should be simple, reliable, and versatile. In part 1 we'll show you the hardware options, and in part 2 we'll go beyond autossh and create a OpenVPN environment that reduces time spent managing remote network connectivity.
- Pro tips for purchasing and aging phishing domains
- Discovering Active Directory Controllers in your Client Network
- How to defend against password spraying
- Preventing Social Engineering Breaches
- How to exploit Zerologon (CVE-2020-1472)