Search Results for: password

Author, How-To, Informational, Jordan Drysdale, Red Team Jordan Drysdale, SILENTTRINITY

My First Joyride With SILENTTRINITY

TL;DR SILENTTRINITY (ST) made the news a few times in July 2019, and I wanted to see what all the fuss was about. This article has enough information to get […]

Read the entire post here

00432_01242020_DumpingFirmwareWithCH341a

Hardware Hacking, How-To, Informational AsProgrammer, Rick Wisser

Dumping Firmware With the CH341a Programmer

Rick Wisser // Note: This blog will also be a lab for any of the upcoming Wild West Hackin’ Fest Conferences. During a recent engagement, I came across an issue. […]

Read the entire post here

00421_12042019_CollectingUserInfoLinkedIn

Author, Finding, General InfoSec Tips & Tricks, How-To, Informational, InfoSec 101, Justin Angel, Phishing, Recon, Red Team, Red Team Tools Justin Angel, LinkedIn, Parsuite, Peasant, SendGrid

Collecting and Crafting User Information from LinkedIn

Justin Angel // Penetration testing and red team engagements often require operators to collect user information from various sources that can then be translated into inputs to support social engineering […]

Read the entire post here

00419_11262019_WEBCAST_GroupPoliciesKillKillChains

Author, Blue Team, Informational, Jordan Drysdale, Kent Ickler, Webcasts Best Practices, CMD, Group Policies, honey accounts, Jordan Drysdale, Kent Ickler, Kerberos, LAPS, LLMNR, Local Admin Controls, Logging, PowerShell, SMB Message Signing, Sysmon

Webcast: Group Policies That Kill Kill Chains

On this webcast, we’ll guide you through an iterative process of building and deploying effective and practical Group Policy Objects (GPOs) that increase security posture. Slides for this webcast can […]

Read the entire post here

Blue Team, Blue Team Tools, How-To, Informational, Red Team, Red Team Tools Certutil, Clip, Clipboard, Cmdkey, Curl, Microsoft, Net1, Sally Vandeven, Tar, Where, Whoami, Windows, Windows Command, Wslconfig

Rainy Day Windows Command Research Results

Sally Vandeven // We have all heard people talk about how much cooler Linux is than Windows, so much easier to use, etc. Well, they are not necessarily wrong… but we […]

Read the entire post here

Author, Hardware Hacking, How-To, Informational, Physical, Ray Felch, Red Team Tools Embedded systems, hardware hacking, JTAG, JTAGulator, Raymond Felch, reverse engineering, UART

How to Hack Hardware using UART

Raymond Felch // Preface: I began my exploration of reverse-engineering firmware a few weeks back (see “JTAG – Micro-Controller Debugging“), and although I made considerable progress finding and identifying the […]

Read the entire post here

00399_08192019_WEBCAST_WeaponizingAD (1)

Author, David Fletcher, How-To, Informational, Red Team Tools, Webcasts Active Directory, CredDefense Toolkit, David Fletcher, kerberoasting, password spraying, ResponderGuard

Webcast: Weaponizing Active Directory

Click on the timecodes to jump to that part of the video (on YouTube) Slides for this webcast can be found here: https://www.blackhillsinfosec.com/wp-content/uploads/2020/09/SLIDES_WeaponizingActiveDirectory.pdf 0:54 Background behind this webcast, what and […]

Read the entire post here

00398_08152019_UsingCloudFrontRelayCobaltStrike

Author, Brian Fehrman, C2, How-To, Informational, Red Team, Red Team Tools Brian Fehrman, CloudFront, cobalt strike, Domain Fronting

Using CloudFront to Relay Cobalt Strike Traffic

Brian Fehrman // Many of you have likely heard of Domain Fronting. Domain Fronting is a technique that can allow your C2 traffic to blend in with a target’s traffic […]

Read the entire post here

Author, How-To, Informational, Justin Angel, Red Team, Red Team Tools ARP, BruteLoops, eavesarp, Justin Angel, MailSniper, netdiscover, SNAC, swisslogger

Analyzing ARP to Discover & Exploit Stale Network Address Configurations

Justin Angel// Introduction In penetration testing, ARP is most commonly discussed in terms of poisoning attacks where an attacker achieves a man-in-the-middle (MITM) position between victim nodes by contaminating the […]

Read the entire post here

«‹ 19 20 21 22 ›»