Search Results for: password

Red Team, Red Team Tools password spraying, powershell domain user enumeration, tools

Domain User Enumeration

Chevy Swanson // Everyone loves being able to speed up their work with custom tools, but the clear problem is that computers are a bit too fussy about everything being perfect […]

Read the entire post here

Red Team, Red Team Tools Digital Ocean, Outlook, OWA, webDAV

Deploying a WebDAV Server

Carrie Roberts // There are various reasons why having a webDAV server comes in handy. The main reason I created one was to execute a malicious Outlook rule attack as […]

Read the entire post here

Author, Beau Bullock, External/Internal, Red Team 2FA, Beau Bullock, Email, EWS, MailSniper, Microsoft, Outlook, OWA, OWA portal, Vulnerabilities

Bypassing Two-Factor Authentication on OWA & Office365 Portals

Beau Bullock // Full Disclosure: Black Hills Information Security believes in responsible disclosure of vulnerabilities. This vulnerability was reported to Microsoft on September 28th, 2016. As of the publication date of […]

Read the entire post here

Author, Blue Team, David Fletcher, Red Team Blue Team, Conference Talk, GrrCon, Purple Team, Red Team, Red Team vs. Blue Team

Red + Blue = Purple

David Fletcher & Sally Vandeven // We gave a presentation at the GrrCon hacker conference in Grand Rapids, MI on October 6, 2016. The presentation was a dialogue meant to illustrate the […]

Read the entire post here

Author, David Fletcher, Red Team pentest reporting, pentest reports, Pentesting, red team life, reporting, technical writing, writing

How to Not Suck at Reporting (or How to Write Great Pentesting Reports)

David Fletcher // Reporting is a penetration testing topic that doesn’t have a whole lot of popularity. People have a hard time being inspired to write about the technical details of […]

Read the entire post here

Author, David Fletcher, External/Internal, Red Team NTFS Permissions, pen-testing, Pentesting

How to Take Advantage of Weak NTFS Permissions

David Fletcher // Weak NTFS permissions can allow a number of different attacks within a target environment. This can include: Access to sensitive information Modification of system binaries and configuration […]

Read the entire post here

Author, Beau Bullock, External/Internal, Red Team Beau Bullock, FindPeople, Get-GlobalAddressList, Invoke-PasswordSprayOWA, InvokePasswordSprayEWS, MailSniper, OWA, updates

Attacking Exchange with MailSniper

Beau Bullock // I’ve added in a few modules to MailSniper that will assist in remote attacks against organizations that are hosting an externally facing Exchange server (OWA or EWS). Specifically, […]

Read the entire post here

Author, InfoSec 101, John Strand how John got bitter, Life Lessons, Pentesting, pentesting lessons, when in doubt ask

Ten years later… Memories from Pentesting Past

John Strand // So, I have passed the timeframe where I have been actively penetration testing for over a decade…. I have a large number of pretty strongly held beliefs […]

Read the entire post here

Author, Beau Bullock, External/Internal, Red Team Beau Bullock, hunting, Pentesting, pillaging, red teaming, sensitive info, yolo

Introducing MailSniper: A Tool For Searching Every User’s Email for Sensitive Data

Beau Bullock // TL;DR MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords, insider intel, network architecture information, etc.). It […]

Read the entire post here