Darin Roberts// IP-Go-Round – Source IP Rotation I was on an engagement recently that was blocking my password sprays based on my IP address. If I made 3 incorrect requests from my IP I was blocked out from making any other requests for 30 minutes. How annoying is that? It is a great form of […]
Darin Roberts// Early in 2018 I wrote a blog about InSpy. InSpy is a great reconnaissance tool that gathers usernames from LinkedIn. My first blog can be found here. A few months ago, a co-worker mentioned to me that InSpy was now requiring an API key. I found out that the updated version did in […]
Brian Fehrman // In our experience, we see many Windows environments in which the local Administrator password is the same for many machines. We refer to this as Wide-Spread Local Administrator Re-use. This type of configuration is extremely advantageous to an attacker. Once the attacker has the local Administrator password for one computer, they can […]
Brian King // There’s a one-liner password spray script that a lot of folks use to see if anyone on a domain is using a bad password like LetMeIn! or Winter2015. It reads a list of users from a file, a list of passwords (or just one password, if you’ve got a healthy streak of […]
Beau Bullock // In this series of posts I am going to detail multiple ways to gain access to domain user credentials without ever being on a target organization’s network. The first method involves exploiting password reuse issues where a user might have reused the same password they used for their corporate domain account on […]
Joff Thyer // Many of us in the penetration testing community are used to scenarios whereby we land a targeted phishing campaign within a Windows enterprise environment and have that wonderful access into the world of Windows command line networking tools. You get your shell and before you know it, you are ready to run […]
Carrie Roberts // I learned some new stuff that will make me pay attention to “Asterisk Detection” Nessus informational findings in the future . . . On an external network scan, Nessus reported two hosts running Asterisk SIP services as an informational finding. When entering the IP address in a browser, only a blank page was […]
