Performing a Physical Pentest? Bring This!
Jordan Drysdale// Physical Pentest Upcoming? Bring a Badgy. While badge reproduction may not be the intended use of this product, if you are a physical tester and you don’t own […]
Red Team
Digging Deeper into Vulnerable Windows Services
Brian Fehrman // Privilege escalation is a common goal for threat actors after they have compromised a system. Having elevated permissions can allow for tasks such as: extracting local password-hashes, […]
A Morning with Cobalt Strike & Symantec
Joff Thyer // If you have been penetration testing a while, you likely have ended up in a Red Team situation or will be engaged in it soon enough. From […]
WEBCAST: JavaScript Weaponized
Matthew Toussain // PowerShell is dead… well dying, kind of. JavaScript interpreters, on the other hand, are everywhere, and they are far from confined to the web browser. Join Matt […]
Google Calendar Event Injection with MailSniper
Beau Bullock & Michael Felch // Source: https://chrome.google.com/webstore/detail/google-calendar-by-google/gmbgaklkmjakoegficnlkhebmhkjfich Overview Google Calendar is one of the many features provided to those who sign up for a Google account along with other popular […]
Empire Resource Files and Auto Runs
Carrie Roberts* // I have added resource file and autorun functionality to PowerShell Empire. Empire now has the ability to run multiple commands at once by specifying the commands in […]
Grepping Through PowerView Output
Carrie Roberts//* Have you found yourself trying to Grep through PowerView output, or any PowerShell output for that matter, and find that it returns no results for text you know […]
How to Crack Passwords for Password Protected MS Office Documents
Carrie Roberts* // (Updated, 2/11/2019) Trying to figure out the password for a password protected MS Office document? This free solution might do the trick. It attempts to guess the password […]