penetration testing

How-To, Mobile Android, android hacking, mobile hacking, penetration testing, Pentesting, walkthrough

Start to Finish: Configuring an Android Phone for Pentesting

Jeff Barbi // *Guest Post Background Unless you’re pentesting mobile apps consistently, it’s easy for your methodologies to fall out of date. Each new version of Android brings with it […]

Read the entire post here

Author, John Strand, Red Team, Webcasts anti-virus, carbonblack, endpoint security, how to bypass Anti Virus, pen-testing, penetration testing, Red Team, Sacred Cash Cow Tipping

Webcast: Sacred Cash Cow Tipping 2019

John Strand // Yet again it is time for another edition of Sacred Cash Cow Tipping! Or, “Why do these endpoint security bypass techniques still work? Why?” The goal of […]

Read the entire post here

00257_12132017_PerformingPhysicalPentest

Author, Jordan Drysdale, Physical, Red Team Badgy, Jordan Drysdale, pen-testing, penetration testing, pentest, Pentesting, Physical Pentest

Performing a Physical Pentest? Bring This!

Jordan Drysdale// Physical Pentest Upcoming? Bring a Badgy. While badge reproduction may not be the intended use of this product, if you are a physical tester and you don’t own […]

Read the entire post here

00256_12062017_DiggingIntoVulnerableWindowsServices

Author, Brian Fehrman, External/Internal, Red Team Application Whitelisting, escalated, penetration testing, Pentesting, privilege escalation, whitelisting, Windows, Windows Privilege Escalation

Digging Deeper into Vulnerable Windows Services

Brian Fehrman // Privilege escalation is a common goal for threat actors after they have compromised a system. Having elevated permissions can allow for tasks such as: extracting local password-hashes, […]

Read the entire post here

00255_12042017_MorningWithCobaltStrikeSymantec

Author, C2, Joff Thyer, Red Team anti-virus, AV software, C2, easy button, pen-testing, penetration testing, pentest, Pentesting, Symantec, There is NO easy button

A Morning with Cobalt Strike & Symantec

Joff Thyer // If you have been penetration testing a while, you likely have ended up in a Red Team situation or will be engaged in it soon enough. From […]

Read the entire post here

Red Team, Red Team Tools how to hide payload in MS docs, Malware, Microsoft, MS Word, pen-testing, penetration testing, pentest, Pentesting, Pentesting tips and tricks, PowerShell, PowerShell Scripts, Word

Hide Payload in MS Office Document Properties

Carrie Roberts* // Can you think of a reason why you might want to put a lengthy comment into the properties of an MS Office document? If you can, then […]

Read the entire post here

How-To Blue Team, blue teaming, C2, C2 Infrastructure, Digital Ocean, Let's Encrypt, pen-testing, penetration testing, Red Team, red teaming, SSH configuration

How to Build a C2 Infrastructure with Digital Ocean – Part 1

Lee Kagan* // Deploying an offensive infrastructure for red teams and penetration tests can be repetitive and complicated. One of my roles on our team is to build-out and maintain […]

Read the entire post here

External/Internal, Red Team, Red Team Tools EyeWitness, good to know, handy dandy, penetration testing, Pentesting, screenshots, tool

Web Server Screenshots with a Single Command

Carrie Roberts // EyeWitness is a handy tool developed by Chris Truncer for grabbing web browser screenshots from a list of URLs. Especially handy for pen-testers is its ability to create […]

Read the entire post here

Author, Brian Fehrman, Red Team, Red Team Tools Bypassing Web-Proxy Filtering, C2 Channels, penetration testing, Pentesting, PowerShell, Web-Proxy Filtering

How to Bypass Web-Proxy Filtering

Brian Fehrman // Someone recently posed a question to BHIS about creating C2 channels in environments where heavily restrictive egress filtering is being utilized. Testers at BHIS, and in the […]

Read the entire post here

1 2