Infrastructure

This blog introduces snickerdoodle, a customized Cookiecutter template designed to help penetration testers quickly create and share complex CLI tools. By automating project setup with features like pre-configured CLI interfaces, Rich logging, and integrated dependency management using Poetry, Snickerdoodle allows security professionals to focus on coding rather than boilerplate setup.

Protecting your infrastructure from prying eyes is an important part of landing a phish and maintaining access to a client’s network. The process of setting up redirectors and reverse proxies has traditionally been difficult and hard to automate across different cloud platforms. Today, we’re going to solve that problem with our new repository, sneaky_proxy, which will allow you to automate your...

In this article I show you how to create small containers that use up to date tools. By default, the Golang Docker container at its smallest is 123 MB. While seemingly small, this can result in annoying latency and slowness when deploying new tooling at scale...

This is part 3 in a series about managing dropboxes for internal penetration testing. This part is all about provisioning a dropbox to be used with our OpenVPN server that we setup in [part 2](/resources/penetration-testing-dropbox-setup-part2). Follow this tutorial whenever you need to build a dropbox for a client.

In part 2 we go beyond autossh and create a OpenVPN server that our dropboxes and pentesters will connect to. We'll walk through configurations and certificates needed for seamless connectivity.

Setup and managing a pentest dropbox infrastructure should be simple, reliable, and versatile. In part 1 we'll show you the hardware options, and in part 2 we'll go beyond autossh and create a OpenVPN environment that reduces time spent managing remote network connectivity.