Collecting and validating an organization’s employee base is critical for any successful offensive information security operation. With this information, we’re able to conduct social engineering campaigns and password spray endpoints. Check out the full post to learn the process for fully enumerating an organization’s employee base.
When starting a penetration test, we first try to discover domains associated with our target apex domain.
To help you navigate this part of the process, we’re going to detail it, highlighting tips and tricks for working around registrant privacy services and other roadblocks you may face.
Recent reports from FireEye revealed a large-scale campaign to infect company networks using a modified version of the SolarWinds Orion monitoring agent.
To give you a clear understanding how continuous penetration testing
can help you enumerate the possible use of SolarWinds Orion we’re going
to highlight methodologies we use every day at Sprocket.
- Crossing the Log4j Horizon - A Vulnerability With No Return
- Another Log4j on the fire: Unifi
- How to exploit Log4j vulnerabilities in VMWare vCenter
- Leading and Empowering Your Team During Log4j
- Traditional pentesting v. continuous pentesting