Author
Nicholas Anastasi
Explore the author's collection.
Author
Explore the author's collection.
When starting a penetration test, we first try to discover domains associated with our target apex domain. To help you navigate this part of the process, we’re going to detail it, highlighting tips and tricks for… read more →
We are going to dig into Slack workspace compromise to provide additional information and tooling you can use to leverage access. This guidance will build off of “Abusing Slack for Offensive Operations”, a great article… read more →
Recent reports from FireEye revealed a large-scale campaign to infect company networks using a modified version of the SolarWinds Orion monitoring agent. read more →
Oh, the world of good ol’ bug-bounty programs. In recent months they’ve become a hot topic for IT teams looking to unearth vulnerabilities. And it’s easy to see why. They’re flashy and promise the world. Your company… read more →
Good command-and-control infrastructure requires a known, trusted domain. When you’re first starting out, this can be difficult to find, but luckily other testers have provided many great resources. read more →
After initially accessing an internal network during a penetration test, you need to find out what the Active Directory (AD) infrastructure looks like. Here, we’re going to examine methods for this process from both… read more →
Given how often we see this tactic used, we’re going to break down the basics. We want to help you understand how password spraying works, along with some effective steps you can take to prevent it from being used… read more →
Recently, one of the most significant Microsoft Windows vulnerabilities since Eternal Blue (MS17-010) was brought to light. We’re going to show you how to exploit it during a pentest. read more →
When we launch continuous penetration testing in a new network, we don't want to raise suspicion of our presence. For one reason, we may be able to get credentials without doing anything intrusive at all. To do it, we… read more →
Over the past years, we’ve urged companies to start using Multi-factor authentication (MFA) – and many have followed through. Unfortunately, we have a long way to go. First, the good news. MFA protects by adding a… read more →
There are cybersecurity phishing streams & threats constantly growing and evolving. Email spam is no longer the front line of the battlefield. Here are 3 new phishing streams beyond email - and how to safeguard them. read more →
In this article I show you how to create small containers that use up to date tools. By default, the Golang Docker container at its smallest is 123 MB. While seemingly small, this can result in annoying latency and… read more →
Continuous Human & Automated Security
Continuously monitor your attack surface with advanced change detection. Upon change, testers and systems perform security testing. You are alerted and assisted in remediation efforts all contained in a single security application, the Sprocket Platform.