Exposing Phishers via Bad OpSec

I got a phishing email at work forwarded to me and was surprised it got through our filter. It had the subject line “Confirm your identity” and an .HTML attachment. Opening the .html attachment shows a pretty legit-looking PayPal page. I put in some bogus info and...

Using Bloodhound to Map the Domain

BloodHound is an extremely useful tool that maps out Active Directory relationships throughout the network. In a pentest, this is critical because after the initial foothold, it gives you insight into what to attack next. In enterprise domains with thousands of workstations, users, and servers, blindly exploiting boxes is a sure way to get...

Equihax

A few weeks ago Equifax was breached, which stirred up a lot of discussion in the infosec community on several topics, from how to prevent this from happening to how you could even let this happen. I wanted to go over a few points on why this is such a monumental disaster and not...
