About Windows Process/Thread Tokens and Pass The Hash

Windows has a rich security model that is worth understanding to operate effectively on a red team or pentest. There are many great resources that discuss this topic. We will reference them and attempt to distill the foundational concepts and the operational points you should know. Specifically, we will focus…

Email Enumeration with Prowl

During an engagement, having an email list for your target can be useful for a variety of reasons. When it comes to social engineering and password spraying, more email addresses translate to higher chances of success. While some clients will provide an employee directory, for others it may be necessary…

Configuring Secure Boot + TPM 2

This post will walk through the process of automatically decrypting a LUKS encrypted drive on boot using a chain of trust implemented via Secure Boot and TPM 2. Warning: This post does not discuss initramfs configuration. Configuration of the initramfs is distribution specific. Effort needs to be taken to ensure…