Search Results for: password
Why You Got Hacked – 2025 Super Edition
This article was written to provide readers with an overview of a selection of our pentest results from the last 15 months. This data was gathered toward the end of September 2025. Shockingly, the data does not differ much from our prior analyses conducted at the end of 2022 or 2023.
Abusing Delegation with Impacket (Part 2): Constrained Delegation
This is the second in a three-part series of blog posts discussing how to abuse Kerberos delegation! If you haven’t already, feel free to read the first blog post, as it discusses the Kerberos authentication process and how delegation plays an important role in solving the double-hop problem.
Abusing Delegation with Impacket (Part 1): Unconstrained Delegation
In Active Directory exploitation, Kerberos delegation is easily among my top favorite vectors of abuse, and in the years I’ve been learning Kerberos exploitation, I’ve noticed that Impacket doesn’t get nearly as much coverage as tools like Rubeus or Mimikatz.
Bypassing WAFs Using Oversized Requests
Many web application firewalls (WAFs) can be bypassed by simply sending large amounts of extra data in the request body along with your payload. Most WAFs will only process requests up to a certain size limit. How the WAF is configured to handle these large requests determines exploitability, but some common WAFs will allow it by default.
Getting Started with AI Hacking Part 2: Prompt Injection
In Part 2, we’re diving headfirst into one of the most critical attack surfaces in the LLM ecosystem – Prompt Injection: The AI version of talking your way past the bouncer.
Wrangling Windows Event Logs with Hayabusa & SOF-ELK (Part 2)
But what if we need to wrangle Windows Event Logs for more than one system? In part 2, we’ll wrangle EVTX logs at scale by incorporating Hayabusa and SOF-ELK into my rapid endpoint investigation workflow (“REIW”)!
Wrangling Windows Event Logs with Hayabusa & SOF-ELK (Part 1)
In part 1 of this post, we’ll discuss how Hayabusa and “Security Operations and Forensics ELK” (SOF-ELK) can help us wrangle EVTX files (Windows Event Log files) for maximum effect during a Windows endpoint investigation!
Default Web Content
Whether it’s forgotten temporary files, installation artifacts, READMEs, or even simple image files–default content on web servers can turn into a boon for attackers. In the most innocent of cases, these types of content can let attackers know more about the tech stack of the environment, and in the worst case scenario can lead to exploitation.