My job involves lightweight pentesting and vulnerability assessment and such is the nature that clients know what I want to accomplish and will happily white-list any script I ask them to, but what's the fun in that? Researching methods to bypass AV and thinking of methods to just not write to disk, showed that AV... Continue Reading →

Before I did PWK, I had a hard time wrapping my head around buffer overflows. Even after taking an Assembly course in college, I was still fuzzy on how they really worked. Eventually, after watching countless videos, asking a ton of questions on Reddit, and doing PWK, I wrote it out for myself with pictures.... Continue Reading →

In my engagements and assessments, I often run a few powershell scripts that help identify next targets, check for bad group policy settings, AD misconfigs, missing patches, etc. This script combines the ones I use routinely and autoruns the functions I use in those scripts, outputting the results into a zip file. This script uses... Continue Reading →

I got a phishing email at work forwarded to me and was surprised it got through our filter. Looking at it, it was an email with the subject line “Confirm your identity” with an .HTML attachment. Opening the .html attachment up shows a pretty legit looking PayPal page. I put in some bogus info and... Continue Reading →

Bloodhound is an extremely useful tool that will map out active directory relationships throughout the network. In a pentest, this is critical because after the initial foothold, it gives you insight on what to attack next. In enterprise domains with thousands of workstations, users, and servers, blindly exploiting boxes is a sure way to get... Continue Reading →