Technical

When starting a penetration test, we first try to discover domains associated with our target apex domain. To help you navigate this part of the process, we’re going to detail it, highlighting tips and tricks for working around registrant privacy services and other roadblocks you may face.

We are going to dig into Slack workspace compromise to provide additional information and tooling you can use to leverage access. This guidance will build off of “Abusing Slack for Offensive Operations”, a great article Cody Thomas wrote for the SpectrOps blog.

Good command-and-control infrastructure requires a known, trusted domain. When you’re first starting out, this can be difficult to find, but luckily other testers have provided many great resources.

After initially accessing an internal network during a penetration test, you need to find out what the Active Directory (AD) infrastructure looks like. Here, we’re going to examine methods for this process from both Windows and Linux, so you have an approach in your back pocket that fits your needs.

Given how often we see this tactic used, we’re going to break down the basics. We want to help you understand how password spraying works, along with some effective steps you can take to prevent it from being used against your organization. What is password spraying?

Recently, one of the most significant Microsoft Windows vulnerabilities since Eternal Blue (MS17-010) was brought to light. We’re going to show you how to exploit it during a pentest.