A Toast to Kerberoast
Derek Banks // This post will walk through a technique to remotely run a Kerberoast attack over an established Meterpreter session to an Internet-based Ubuntu 16.04 C2 server and crack […]
Derek Banks // This post will walk through a technique to remotely run a Kerberoast attack over an established Meterpreter session to an Internet-based Ubuntu 16.04 C2 server and crack […]
Jordan Drysdale & Kent Ickler // Jordan and Kent demonstrate why there is only ONE correct way to configure your wireless networks. They also talk about the use of a […]
Brian Fehrman // You’ve sent your phishing ruse, the target has run the Meterpreter payload, and you have shell on their system. Now what? If you follow our blogs, you […]
Robert Schwass*// Last week I was asked twice in one day if I knew what XML External Entity (XXE) Vulnerabilities were. Maybe they are making a comeback in mainstream security […]
Carrie Roberts // EyeWitness is a handy tool developed by Chris Truncer for grabbing web browser screenshots from a list of URLs. Especially handy for pen-testers is its ability to create […]
Beau Bullock // Overview Microsoft Exchange users have the power to grant other users various levels of access to their mailbox folders. For example, a user can grant other users […]
Kent Ickler // A robot wearing boots… with straps…. Have you been tasked with automation in the Command and Control (C2) world? If so your goal is to shorten the […]
Brian Fehrman // Someone recently posed a question to BHIS about creating C2 channels in environments where heavily restrictive egress filtering is being utilized. Testers at BHIS, and in the […]
Jordan Drysdale, victim // Kent Ickler, adversary // In this post, our victim locks their computer and heads out for a coffee refill. The adversary smashes through all system and […]