Advanced TTPs – DotNetToJScript – Part 3
In our last blog we walked through modifying the UnmanagedPowerShell project to produce a version of PowerShellRunner that’s compatible with DotNetToJScript. The end goal in that blog was to execute […]
In our last blog we walked through modifying the UnmanagedPowerShell project to produce a version of PowerShellRunner that’s compatible with DotNetToJScript. The end goal in that blog was to execute […]
Last time we went through an overview of the awesome DotNetToJScript project, and why you should be interested in it for your Red/Purple Team testing. In this blog we’ll cover […]
External Service Interaction through DNS or HTTP is one way to identify out-of-band server interaction vulnerabilities (issues where the server will respond to something other than your testing computer). This […]
About three years ago Google Project Zero’s researcher James Forshaw released the excellent DotNetToJScript project (https://github.com/tyranid/DotNetToJScript). If you’re not familiar, it introduced an interesting method to reflectively load a .NET […]
External Service Interaction through DNS or HTTP is one way to identify out-of-band server interaction vulnerabilities (issues where the server will respond to something other than your testing computer). This […]
During a recent engagement, I was tasked with testing a web application, in a non-production environment, with Multi-Factor Authentication (MFA). As I began testing, I realized that all of the […]
Overview I was engaged to perform a mainframe penetration test recently. What is a mainframe? Mainframes are high-performance computers with large memory (RAM) and processors that process billions of simple […]
Overview Recently on an internal penetration test engagement I ran into an installation of HP SiteScope. Wikipedia defines HP Sitescope as “agentless monitoring software focused on monitoring the availability and performance of […]
Christopher Emerson was interviewed at this year’s Cyber Security Summit (2019) about the organization and our unique approach to deep-dive penetration testing:
Life is filled with the best of intentions, such as wanting to win the lottery or keep the work emails to a manageable level. Large enterprises have the ability and […]