Red + Blue = Purple
David Fletcher & Sally Vandeven // We gave a presentation at the GrrCon hacker conference in Grand Rapids, MI on October 6, 2016. The presentation was a dialogue meant to illustrate the […]
Author
How to Not Suck at Reporting (or How to Write Great Pentesting Reports)
David Fletcher // Reporting is a penetration testing topic that doesn’t have a whole lot of popularity. People have a hard time being inspired to write about the technical details of […]
How a No-Name, Nobody-Ever-Heard-Of, Kid* Like Me Got Hired by BHIS from a Craigslist Ad
Jordan Drysdale // Step 1: Craigslist Step 2: Magic Time Step 3: Profit $$$$$$ I traveled to Scottsdale last year to enjoy some Citrus fruit around my uncle’s pool after […]
How to Take Advantage of Weak NTFS Permissions
David Fletcher // Weak NTFS permissions can allow a number of different attacks within a target environment. This can include: Access to sensitive information Modification of system binaries and configuration […]
AppleTV & nmap -sV
BBKing // So I’m working the other day, and my wife asks me why the TV is on. I don’t know. I didn’t turn it on. But it’s near my […]
Attacking Exchange with MailSniper
Beau Bullock // I’ve added in a few modules to MailSniper that will assist in remote attacks against organizations that are hosting an externally facing Exchange server (OWA or EWS). Specifically, […]
Ten years later… Memories from Pentesting Past
John Strand // So, I have passed the timeframe where I have been actively penetration testing for over a decade…. I have a large number of pretty strongly held beliefs […]
John’s Talk from DerbyCon 2016
John Strand //
Introducing MailSniper: A Tool For Searching Every User’s Email for Sensitive Data
Beau Bullock // TL;DR MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords, insider intel, network architecture information, etc.). It […]