BloodHound When I came across the tool BloodHound, it quickly became one of the go-to tools in my arsenal. BloodHound has increased my speed and efficiency on most engagements and so I wanted to share what I've learned about the tool to help you get started with it.…
As pentesters, our job is to demonstrate the risk of unpatched vulnerabilities to the business. The past month, this has largely been an exercise in demonstrating the risk of the eternal blue vulnerability. In order to do this, it is key we as the good guys possess the same tools…
Background Responder is a go-to tool for most pentesters. We use it quite often on pentests to quickly gain access to a client’s domain. However, when clients enforce strong password policies and their users don’t choose passwords like 'Ilovemykids2017!', we are forced to resort to using masks…
What This post will show how to crack NTLMv1 handshakes with the crack.sh service to obtain the NTLM hash. This technique has been publicized since 2013, but is often not leveraged by testers. Intro For most pentesters, running Responder.py is one of the first tasks performed on internal…
Overview During a recent Red-Team engagement, we discovered a series of information disclosures on a site allowing our team to go from zero access to full compromise in a matter of hours. Information disclosures in Apache HTTP servers with mod_status enabled allowed our team to discover.jar files, hosted…
