Author

Author, David Fletcher, External/Internal, Red Team cool stuff, shell script, SSL, testssl.sh, TLS, tools

TestSSL.sh –Assessing SSL/TLS Configurations at Scale

David Fletcher // Have you ever looked at Nessus scan results to find the below in the output? Recently I was on engagement and encountered just this situation.  I found […]

Read the entire post here

Author, External/Internal, Joff Thyer, Red Team C2, internal pentest, ipconfig, ipconfig Output, l33t ninja, metasploit, pen-testing, Pentesting

Internal Pivot, Network Enumeration, & Lateral Movement

Joff Thyer // Picture a scenario whereby you are involved in an internal network penetration test. Perhaps you have succeeded with a spear-phishing campaign and landed on an internal system, […]

Read the entire post here

Author, Ethan Robish, Fun & Games college, get to know a tester, internship, interview, my mom got me a job

Get to Know a Tester: Ethan Robish

Sierra Ward & Ethan Robish // Intro by Ethan: Sierra came up with the idea to interview me for this blog.  I thought it was a great idea and after watching Rick […]

Read the entire post here

Author, Brian Fehrman, Red Team anti-virus, bypassing AV, Kill your AV, whitelisting

How to Bypass Application Whitelisting & AV

Brian Fehrman // There are numerous methods that have been published to bypass Anti-Virus products. As a result, many companies are beginning to realize that application whitelisting is another tool […]

Read the entire post here

Author, Beau Bullock, C2, External/Internal, Red Team Beau Bullock, egress filtering, exposed ports, firewalls, network

Poking Holes in the Firewall: Egress Testing With AllPorts.Exposed

Beau Bullock // If you have been even remotely in touch with technology in the past thirty years you have probably heard of this thing called a “firewall”. If not, […]

Read the entire post here

Author, Brian King, Red Team, Web App cross site tracing, http trace, OWASP, trace request, WAF bypass

Three Minutes with the HTTP TRACE Method

Brian King // All of our scanning tools tell us that we should disable the HTTP TRACE and TRACK methods. And we all think that’s because there’s something an attacker […]

Read the entire post here

Author, General InfoSec Tips & Tricks, InfoSec 101, Jordan Drysdale

Public Wi-Fi Insecurity – Part Deux, For Compliance Sakes

Jordan Drysdale // (See Jordan’s Part 1 of this post here.) PCI-DSS strolled into town with the latest compliance package of minutiae laden IT speak at the end of last year. […]

Read the entire post here

Author, Blue Team, Blue Team Tools, Joff Thyer, Red Team, Red Team Tools EAP Network, TSL Certificates

TLS Certificates from EAP Network Traffic

Joff Thyer // A network can authenticate a client workstation using the 802.1X and Extensible Authentication Protocol (EAP) using multiple different methods.  EAP is used both in a wired network […]

Read the entire post here

David Fletcher, Red Team, Web App Cross-Site Request Forgery, CSRF, CSRF-Token, Recursive Grep, Testing Protected Pages, XSRF

Using Recursive Grep to Test Per-Request CSRF-Token Protected Pages

David Fletcher // Cross-Site Request Forgery (CSRF or XSRF) is an attack which is used to execute a transaction on behalf of a victim user against a vulnerable web application. […]

Read the entire post here