Practical, expert-tested guidance you can apply to immediately improve your network security.
Resources
Blog
Blog
Keep up to date with the latest offensive security news, knowledge, and resources.
Featured
The Axios supply chain attack exposed why dependency scanning fails against credential compromise. Learn how attackers backdoor popular packages and what your penetration tests are missing.
Good command-and-control infrastructure requires a known, trusted domain. When you’re first starting out, this can be difficult to find, but luckily other testers have provided many great resources.
After initially accessing an internal network during a penetration test, you need to find out what the Active Directory (AD) infrastructure looks like. Here, we’re going to examine methods for this process from both Windows and Linux, so you have an approach in your back pocket that fits your needs.
Given how often we see this tactic used, we’re going to break down the basics. We want to help you understand how password spraying works, along with some effective steps you can take to prevent it from being used against your organization.
What is password spraying?
It’s pretty common for companies to bundle social engineering into their penetration testing programs. But when the report shows up, you may find you’re surprised and frustrated at the rate of employees clicking links to open malicious documents. How were my employees so easily manipulated? And why didn’t anyone on the IT staff catch this? Don’t sweat it. Happens to...
Recently, one of the most significant Microsoft Windows vulnerabilities since Eternal Blue (MS17-010) was brought to light. We’re going to show you how to exploit it during a pentest.
