SecSmash: Leveraging Enterprise Tools for command execution, lateral movement and C2

Release: We are releasing the SecSmash tool we announced at BSIDES LV. SecSmash is a framework that allows you to turn centralized management, monitoring, and security tools into C2 infrastructure. Check out the tool on GitHub: https://github.com/tevora-threat/SecSmash

SecSmash is for leveraging credentials to these systems to…

Eternal Blues

As pentesters, our job is to demonstrate the risk of unpatched vulnerabilities to the business. Over the past month, this has largely been an exercise in demonstrating the risk of the EternalBlue vulnerability. To do this, it is key that we, as the good guys, possess the same tools…

Cracking NTLMv1 Handshakes with Crack.sh

What: This post will show how to crack NTLMv1 handshakes with the crack.sh service to obtain the NTLM hash. This technique has been publicized since 2013, but is often not leveraged by testers.

Intro: For most pentesters, running Responder.py is one of the first tasks performed on internal…