Cybersecurity Blog

Discovering Active Directory Controllers in your Client Network

After initially accessing an internal network during a penetration test, you need to find out what the Active Directory (AD) infrastructure looks like. Here, we’re going to examine methods for this process from both Windows and Linux, so you have an approach in your back pocket that fits your needs.

Read More...

How to defend against password spraying

Given how often we see this tactic used, we’re going to break down the basics. We want to help you understand how password spraying works, along with some effective steps you can take to prevent it from being used against your organization.

What is password spraying?

Read More...

How to exploit Zerologon (CVE-2020-1472)

Recently, one of the most significant Microsoft Windows vulnerabilities since Eternal Blue (MS17-010) was brought to light. We’re going to show you how to exploit it during a pentest.

This walkthrough shows you how to exploit the Zerologon vulnerability to gain domain admin during a pentest.

Read More...

How to: Execute passive internal recon during continuous penetration testing

When we launch continuous penetration testing in a new network, we don't want to raise suspicion of our presence. For one reason, we may be able to get credentials without doing anything intrusive at all.

We break down how to do it, along with a few of our favorite tools you can use.

Read More...

3 New Phishing Streams Beyond Email - And How To Safeguard Them

There are cybersecurity phishing streams & threats constantly growing and evolving. Email spam is no longer the front line of the battlefield. Here are 3 new phishing streams beyond email - and how to safeguard them.

Read More...

Creating Small Containers for Penetration Testing

In this article I show you how to create small containers that use up to date tools. By default, the Golang Docker container at its smallest is 123 MB. While seemingly small, this can result in annoying latency and slowness when deploying new tooling at scale...

Read More...

12 Ways You'll Benefit from Continuous Penetration Testing

You need more value out of your pentests. The traditional point-in-time testing isn't cutting it. Continuous penetration testing brings an innovative methodology that better protects you and your business. This post covers the key benefits that continuous testing provides...

Read More...

Penetration Testing Dropbox Part 3 - Provisioning

These are the steps to provision a dropbox using OpenVPN to management remote connectivity.

Read More...

Penetration Testing Dropbox Part 2 - VPN Infrastructure

In part 2 we go beyond autossh and create a OpenVPN server that our dropboxes and pentesters will connect to. We'll walk through configurations and certificates needed for seamless connectivity.

Read More...

Penetration Testing Dropbox Part 1 - Hardware

Setup and managing a pentest dropbox infrastructure should be simple, reliable, and versatile. In part 1 we'll show you the hardware options, and in part 2 we'll go beyond autossh and create a OpenVPN environment that reduces time spent managing remote network connectivity.

Read More...