Domain Password Audit Tool
Carrie Roberts // A tool to generate password usage statics in a Windows domain based on hashes dumped from a domain controller. The Domain Password Audit Tool (DPAT) is a […]
WEBCAST: Exchange and OWA attacks – Step by Step
Here’s our webcast with Beau Bullock, Brian Fehrman & Carrie Roberts from Tuesday, November 29.
Malicious Outlook Rules in Action
Carrie Roberts // Getting a shell using a malicious Outlook rule is an awesome tool during a pentest and great fun! Nick Landers had a great post including enough information to make […]
How to Increase the Minimum Character Password Length (15+) Policies in Active Directory
Kent Ickler // As a start to a series on Windows Administration in the eyes of a security-conscious “Windows Guy” I invite you on configuring AD DS PSOs (Password Security […]
Using PowerShell Empire with a Trusted Certificate
Carrie Roberts* // Using a trusted certificate and non-default Empire options will help increase your chances of getting a successful session out of a network. Follow these instructions to get […]
Bugging Microsoft Files: Part 3 – Clearing Metadata
Ethan Robish // In my last two posts I showed how to insert tracking bugs in both .docx (Part 1) and .xlsx files (Part 2). But don’t let all that effort go […]
How to Script Startup of Empire Listeners
Carrie Roberts // Tired of typing those Empire commands to startup your goto listeners? Wish there was an equivalent to Metasploit resource files for Empire? This is not currently […]
Two Button PWNage
Logan Lembke // Step One: Power. Step Two: Enter. Step Three: ???? Step Four: Profit. In the security industry, we love our encryption. However sometimes, the complexity introduced by encryption […]
Weaponizing Princess Toys: Crafting Wi-Fi Attack Kits
Jordan Drysdale // … Alternate Title: “Why I Love BHIS” So, I was gifted this cute little princessy-toy thing recently. My first thought was that my daughters will love this thing. […]