In a previous blog post I talked about downloading, installing, and using the Proxmark3 for social engineering engagements. This post will build off of the content discussed previously and walk […]
It seems like more and more often I get asked what equipment I utilize for performing wireless penetration tests (802.11 wireless networking). In this post I will talk about the […]
This blog post will walk through utilizing publicly available exploit code to compromise a network through Zerologon.
In this blog series coworkers and I will be performing a walkthrough of interesting domain take overs that have occurred during pentest engagements. The first part to this series occurred […]
Lately, I have received more phishing emails in my burner (test) email that are related to Amazon than ever before. This probably due to the influx of online shopping driven […]
For those not yet familiar with the Simple Security Fails series – previous posts are located here: part 1, part 2, part 3, part 4 Lately I have tested a […]
This blog post will focus on exploiting exposed Docker daemons. During a recent internal penetration test I discovered an exposed Docker Daemon. By having the daemon exposed outside of the […]
Most people these days have one of those burner email addresses – used for product sign-ups, etc.. I certainly do and that account receives its fair share of phishing emails. […]
Today we’re going to talk a bit about CSV injection. First of all, what is CSV Injection? “CSV Injection, also known as Formula Injection, occurs when websites embed untrusted input […]
On a recent Internal Penetration Test engagement, I was reviewing some Nessus scan data and came across an “Microsoft Windows SMB Shares Unprivileged Access” finding. As we can see from […]
