Blog

Home > Resources > Blog

Latest

Red Team Engagement Guide: How an Organization Should React

December 5, 2019

By Jason Lang in Red Team Adversarial Attack Simulation, Security Testing & Analysis

Featured

Playing With Old Hacks

November 19, 2019

By Oddvar Moe in Penetration Testing, Security Testing & Analysis

Creating Honey Credentials with LSA Secrets

November 21, 2019

By Scot Berner in Application Security Assessment, Penetration Testing, Security Testing & Analysis

As an attacker, I frequently leverage LSASecrets to escalate privileges within the context of an ongoing compromise. Generally, the attack path is something like this: Gain Initial Foothold > Escalate to Limited User > Dump LSASecrets on Systems Where Credentials are Administrator A pretty slick way to identify targets to dump LSASecrets on is to...

Read

Buying Internal Domain Access Again

October 3, 2019

By Scot Berner in Penetration Testing, Security Testing & Analysis

So, this post is inspired by some very interesting research done by @mubix that you can read about here, as well as this amazing post by Tim Medin here. After reading Mubix’s post, I was whipped into a frenzy and purchased several domains. I realize that these posts are both several years old, but this idea has...

Read