Blog

It’s tempting to re-use the same password for multiple online accounts. Many of us have done it (it’s OK; this is a safe space). Convenient as it seems, this action puts you at high risk to get hacked via credential stuffing.

This is part 3 in a series about managing dropboxes for internal penetration testing. This part is all about provisioning a dropbox to be used with our OpenVPN server that we setup in [part 2](/resources/penetration-testing-dropbox-setup-part2). Follow this tutorial whenever you need to build a dropbox for a client.

In part 2 we go beyond autossh and create a OpenVPN server that our dropboxes and pentesters will connect to. We'll walk through configurations and certificates needed for seamless connectivity.

Setup and managing a pentest dropbox infrastructure should be simple, reliable, and versatile. In part 1 we'll show you the hardware options, and in part 2 we'll go beyond autossh and create a OpenVPN environment that reduces time spent managing remote network connectivity.

The MITRE CALDERA project is an automated adversary emulation system. It's primary purpose is to execute a series of operations to help determine if adversarial tactics can be detected in your enterprise environment.

This is the start of a series I'm calling Autored. My goal is to quickly stand up temporary systems I commonly use during an engagement. In this post I'll cover how to deploy an Empire server in AWS in less than 3 minutes from the command line.