Lateral movement is the process of moving from one compromised host to another. Penetration testers and red teamers alike commonly used to accomplish this by executing powershell.exe to run a base64 encoded command on the remote host, which would return a beacon. The problem with this is that offensive PowerShell is not a new concept […]
Bloodhound Cypher Cheatsheet
Bloodhound uses Neo4j, a graphing database, which uses the Cypher language. Cypher is a bit complex since it’s almost like programming with ASCII art. This cheatsheet aims to cover some Cypher queries that can easily be pasted into Bloodhound GUI and or Neo4j Console to leverage more than the default queries. Keep in mind of … Continue reading Bloodhound Cypher Cheatsheet
Yet Another OSCP Exam Blog Post
I started my OSCP journey well over a year ago, almost two. It was a long time ago, but I remember still not knowing a lot and having anxiety because I'm not sure I'd do so well. When I finally decided to enroll, it was because someone told me that I didn't have enough experience … Continue reading Yet Another OSCP Exam Blog Post
CypherDog Cheatsheet
Bloodhound is a phenominal tool that should be in every pentester's toolkit, as it literally graphs an attack plan, but that also means that it's just as useful to the blue team. When I do pentests or risk assessments and show the client Bloodhound, they're both AmazedConfused on how to use it The tool in … Continue reading CypherDog Cheatsheet
Penetration Testing Active Directory, Part II
In the previous article, I obtained credentials to the domain three different ways. For most of this part of the series, I will use the rsmith user credentials, as they are low-level, forcing us to do privilege escalation. Privilege escalation in Windows can of course come from a missing patch or unquoted service paths, but … Continue reading Penetration Testing Active Directory, Part II
