Search Results for: password

Fun & Games Blue Team, Blue Team Barbie, Christmas Toys, Elf on the Shelf, fun and games, infosec, Red Team, Red Team Elf on the Shelf

A Holiday Tale of Two Teams: The Blue Team Barbie & Red Team Elf on the Shelf saga

Staff // Thanks to everyone for all the good ideas! We had so much fun with this, and hopefully it made you laugh as much as we did. Happy December! […]

Read the entire post here

Macro shot of twenty sided dice with other dice

Author, Blue Team, John Strand Cubicles and Compromises, Dungeons and Dragons, Incident Response, Table Top

Dungeons & Dragons, Meet Cubicles & Compromises

John Strand // Lately we’ve been running a very cool game with a few of our customers. There’s been some demand for incident response table top exercises. For the […]

Read the entire post here

00256_12062017_DiggingIntoVulnerableWindowsServices

Author, Brian Fehrman, External/Internal, Red Team Application Whitelisting, escalated, penetration testing, Pentesting, privilege escalation, whitelisting, Windows, Windows Privilege Escalation

Digging Deeper into Vulnerable Windows Services

Brian Fehrman // Privilege escalation is a common goal for threat actors after they have compromised a system. Having elevated permissions can allow for tasks such as: extracting local password-hashes, […]

Read the entire post here

00247_11012017_GoogleCalendarEventInjectionMailSniper

Author, Beau Bullock, Mike Felch, Red Team, Red Team Tools Event Injection, G Suite, Google, Google Calendar

Google Calendar Event Injection with MailSniper

Beau Bullock & Michael Felch // Source: https://chrome.google.com/webstore/detail/google-calendar-by-google/gmbgaklkmjakoegficnlkhebmhkjfich Overview Google Calendar is one of the many features provided to those who sign up for a Google account along with other popular […]

Read the entire post here

Author, Beau Bullock, Blue Team, Blue Team Tools, Brian Fehrman Cred Defense Tool Kit, CredDefense, CredDefense Toolkit, event log consolidation, hardening accounts, kerberoasting, password auditing, password spraying, Pentesting, ResponderGuard

The CredDefense Toolkit

Derek Banks, Beau Bullock, & Brian Fehrman // Our clients often ask how they could have detected and prevented the post-exploitation activities we used in their environment to gain elevated […]

Read the entire post here

Author, Jordan Drysdale, Red Team, Wireless GPS'd SSIDs, Kismet, raspberry Pi, Wireless

How to: From WarDriving to SSIDs on Google Maps with Latitude/Longitude

Jordan Drysdale // Step 1: Build your capture rig RPi3, Kali, Battery Packs, 2 x supported wifi card of your choosing (I used the Alfa Black for this run). My finished product: Solar Battery […]

Read the entire post here

How-To Blue Team, blue teaming, C2, C2 Infrastructure, Digital Ocean, Let's Encrypt, pen-testing, penetration testing, Red Team, red teaming, SSH configuration

How to Build a C2 Infrastructure with Digital Ocean – Part 1

Lee Kagan* // Deploying an offensive infrastructure for red teams and penetration tests can be repetitive and complicated. One of my roles on our team is to build-out and maintain […]

Read the entire post here

00213_07102017_EndpointMonitoringShoestringBudget

Author, Blue Team, Blue Team Tools, Derek Banks, Joff Thyer, Webcasts Breadcrumb Trails, elasticsearch, Endpoint Monitoring, kibana, Logstash, Monitoring, NXlog, Sysmon

How To Do Endpoint Monitoring on a Shoestring Budget – Webcast Write-Up

Joff Thyer & Derek Banks // Editor’s Note: This is a more in-depth write-up based on the webcast which can be watched here. As penetration testers, we often find ourselves […]

Read the entire post here

Author, How-To, Kent Ickler Cacti, data, go hug a cactus, Kent Ickler, Net Admin, Network monitoring, switches, Ubuntu

How to Install Cacti 1.1.10 on Ubuntu 16.04

Kent Ickler // What is Cacti? Cacti is a network system that inputs system-generated quantifiable data and presents the data in spiffy graphs. Net-Admin In the Net-Admin world, it gives […]

Read the entire post here

«‹ 24 25 26 27 ›»