Before I did PWK, I had a hard time wrapping my head around buffer overflows. Even after taking an Assembly course in college, I was still fuzzy on how they really worked. Eventually, after watching countless videos, asking a ton of questions on Reddit, and doing PWK, I wrote it out for myself with pictures.... Continue Reading →
In my engagements and assessments, I often run a few powershell scripts that help identify next targets, check for bad group policy settings, AD misconfigs, missing patches, etc. This script combines the ones I use routinely and autoruns the functions I use in those scripts, outputting the results into a zip file. This script uses... Continue Reading →
I got a phishing email at work forwarded to me and was surprised it got through our filter. Looking at it, it was an email with the subject line “Confirm your identity” with an .HTML attachment. Opening the .html attachment up shows a pretty legit looking PayPal page. I put in some bogus info and... Continue Reading →
Bloodhound is an extremely useful tool that will map out active directory relationships throughout the network. In a pentest, this is critical because after the initial foothold, it gives you insight on what to attack next. In enterprise domains with thousands of workstations, users, and servers, blindly exploiting boxes is a sure way to get... Continue Reading →
What I’m using: Responder Empire Deathstar Ntlmrelayx.py (Install Guide here) Operating Systems Host: Ubuntu 16.04, Kali Linux (Latest) Target 1: Windows Server 2008 R2 (Dummy server) Target 2: Windows Server 2008 R2 (Domain Controller) In a domain, it’s not uncommon for NTLMv2 hashes to be captured in some way while doing a penetration test. The problem... Continue Reading →
