Recon

Shenetworks Recommends: Using Nmap Like a Pro

shenetworks // One day at work I received a case stating a client couldn’t connect to the management interface of a new server. I asked the client to change the […]

Read the entire post here

Alyssa Snow, External/Internal, General InfoSec Tips & Tricks, How-To, Informational, Recon, Web App

Gowitness, a Tester’s Time Saver

Alyssa Snow // During an external or internal network penetration test, it can be challenging to comb through each web server in scope to find the juicy stuff. During a […]

Read the entire post here

Daniel Pizarro, External/Internal, General InfoSec Tips & Tricks, Informational, LLMNR, Password Cracking, Password Spray, Recon, Red Team, Red Team Tools, Web App Cybersecurity Certification, PNPT

PNPT: Certification Review

Daniel Pizarro // What is the PNPT? The Practical Network Penetration Tester (PNPT), created by TCM Security (TCMS), is a 5-day ethical hacking certification exam that assesses a pentester’s ability […]

Read the entire post here

Author, Dale Hobbs, External/Internal, How-To, Informational, InfoSec 201, Recon Community Strings, Default, SNMP

SNMP… Strings Attached!

Dale Hobbs // One thing that I almost always find when performing an internal network penetration test is Simple Network Management Protocol (SNMP) configured with default community strings. Simple Network […]

Read the entire post here

Blue Team, Carrie Roberts, General InfoSec Tips & Tricks, Informational, InfoSec 101, Recon, Red Team

New PowerShell History Defense Evasion Technique

Carrie Roberts // PowerShell incorporates the handy feature of writing commands executed to a file to make them easy to refer back to later. This functionality is provided by the […]

Read the entire post here

00421_12042019_CollectingUserInfoLinkedIn

Author, Finding, General InfoSec Tips & Tricks, How-To, Informational, InfoSec 101, Justin Angel, Phishing, Recon, Red Team, Red Team Tools Justin Angel, LinkedIn, Parsuite, Peasant, SendGrid

Collecting and Crafting User Information from LinkedIn

Justin Angel // Penetration testing and red team engagements often require operators to collect user information from various sources that can then be translated into inputs to support social engineering […]

Read the entire post here

Author, Brian King, How-To, Informational, Recon Brian King, Recon-ng

What’s Changed in Recon-ng 5.x

Brian King // Recon-ng had a major update in June 2019, from 4.9.6 to 5.0.0. This post is meant to help with the adjustment by providing a cheat sheet for […]

Read the entire post here

Author, Blue Team, DNSTAP, How-To, Informational, Joff Thyer, Recon, Red Team BIND, DNS, DNSTAP, Farsight Security, Joff Thyer, Logging, Paul Vixie

Tap Into Your Valuable DNS Data

Joff Thyer // The Domain Name System (DNS) is the single most important protocol on the Internet. The distributed architecture of DNS name servers and resolvers has resulted in a […]

Read the entire post here

00387_05112019_PODCAST_Weaponizing_Intel

Author, Beau Bullock, Mike Felch, Password Spray, Phishing, Podcasts, Recon, Red Team, Red Team Tools, Social Engineering Beau Bullock, Demos, FireProx, Mike Felch, PII, recon, Social Media, Social Trust Attack, tools

Podcast: Weaponizing Corporate Intel. This Time, It’s Personal!

Beau Bullock & Mike Felch// Strategically targeting a corporation requires deep knowledge of their technologies and employees. Successfully compromising an organization can depend on the quality of reconnaissance a tester […]

Podcast: Play in new window | Download

Subscribe: Apple Podcasts | Spotify | Amazon Music | RSS

Read the entire post here

1 2