Search Results for: password

Author, Blue Team, David Fletcher, Red Team Blue Team, Conference Talk, GrrCon, Purple Team, Red Team, Red Team vs. Blue Team

Red + Blue = Purple

David Fletcher & Sally Vandeven // We gave a presentation at the GrrCon hacker conference in Grand Rapids, MI on October 6, 2016. The presentation was a dialogue meant to illustrate the […]

Read the entire post here

Author, David Fletcher, Red Team pentest reporting, pentest reports, Pentesting, red team life, reporting, technical writing, writing

How to Not Suck at Reporting (or How to Write Great Pentesting Reports)

David Fletcher // Reporting is a penetration testing topic that doesn’t have a whole lot of popularity. People have a hard time being inspired to write about the technical details of […]

Read the entire post here

Author, David Fletcher, External/Internal, Red Team NTFS Permissions, pen-testing, Pentesting

How to Take Advantage of Weak NTFS Permissions

David Fletcher // Weak NTFS permissions can allow a number of different attacks within a target environment. This can include: Access to sensitive information Modification of system binaries and configuration […]

Read the entire post here

Author, Beau Bullock, External/Internal, Red Team Beau Bullock, FindPeople, Get-GlobalAddressList, Invoke-PasswordSprayOWA, InvokePasswordSprayEWS, MailSniper, OWA, updates

Attacking Exchange with MailSniper

Beau Bullock // I’ve added in a few modules to MailSniper that will assist in remote attacks against organizations that are hosting an externally facing Exchange server (OWA or EWS). Specifically, […]

Read the entire post here

Author, InfoSec 101, John Strand how John got bitter, Life Lessons, Pentesting, pentesting lessons, when in doubt ask

Ten years later… Memories from Pentesting Past

John Strand // So, I have passed the timeframe where I have been actively penetration testing for over a decade…. I have a large number of pretty strongly held beliefs […]

Read the entire post here

Author, Beau Bullock, External/Internal, Red Team Beau Bullock, hunting, Pentesting, pillaging, red teaming, sensitive info, yolo

Introducing MailSniper: A Tool For Searching Every User’s Email for Sensitive Data

Beau Bullock // TL;DR MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords, insider intel, network architecture information, etc.). It […]

Read the entire post here

Author, How-To, Jordan Drysdale cloaking, goSecure, great success, IADGov, magical time, non-attrib, raspberry Pi, VPN

Turning a Raspberry Pi 3 Into a Cloaking Device With goSecure VPN

Jordan Drysdale // This article, like the IADGov link here has three major steps. First, acquire a Raspberry Pi and a VPS running CentOS 6.8. Second, configure the server and Raspberry […]

Read the entire post here

InfoSec 201 fun with social networks, kony2012, social engineering, social media mining

Mining Mary’s Social Media Antics for Social Engineering

Christine Sorensen // Let’s talk about Mary. Mary Watson is a girl in her twenties and just graduated from Midtown University with her bachelors in Fashion Merchandising. Mary is now […]

Read the entire post here

External/Internal, Red Team Burp, Duct Tape, Mechanical Engineering, password spraying, pen-testing

Downloading an Address Book from an Outlook Web App (OWA) Portal

Carrie Roberts //  Update 10/03/16: Want to download the address book automatically with PowerShell? Check out Beau Bullocks latest additions to MailSniper As part of a penetration test, you’ve gained access […]

Read the entire post here