Exposing Phishers via Bad OpSec

I got a phishing email at work forwarded to me and was surprised it got through our filter. Looking at it, it was an email with the subject line “Confirm your identity” with an .HTML attachment. Opening the .html attachment up shows a pretty legit looking PayPal page. I put in some bogus info and... Continue Reading →

Using Bloodhound to Map the Domain

Bloodhound is an extremely useful tool that will map out active directory relationships throughout the network. In a pentest, this is critical because after the initial foothold, it gives you insight on what to attack next. In enterprise domains with thousands of workstations, users, and servers, blindly exploiting boxes is a sure way to get... Continue Reading →

Create a website or blog at WordPress.com

Up ↑