penetrationtesting This one time on a pentest... Is life just a CTF?! Consider the series like a set of war stories from the front line, not always wins or epic hacks, but sometimes just cool attack paths or equally interesting environments.
passwords I Know What Your Password Was Last Summer... We spent the last six months researching the previous two years of cracked passwords and built some tools to better understand password creation strategies. Here are the results.
penetrationtesting Featured Offensive Sysadmin Suite, aka Adversary Kit The Offensive Sysadmin Suite provides a comprehensive set of tools presented in PowerShell and C#. This post dives into the functions of each.
penetrationtesting Introducing Slinky Cat - Living off the AD Land Slinky Cat has been developed to automate some of the methods introduced in living off the land and to supplement ScrapingKit. It is meant to help security and IT teams reduce their AD exposures and uncover quick wins and fixes designed for pen-testers and defenders alike.
penetrationtesting Featured Introducing Scraping Kit Scraping Kit comprises several tools for scraping services for keywords, useful for the initial enumeration of Domain Controllers or if you have popped a user's desktop with access to their Outlook client.
redteam Featured Top 5 Insider Threat Findings Throughout 2022, the Lares Red Team has tracked several emerging trends when assisting clients with insider threat engagements. This blog post elaborates on the five most impactful findings in environments.
redteam Multiple Paths to Compromise An Environment Every stage of an attack starts with reconnaissance, whether from an external attacker's perspective, profiling a company's exterior footprint, or from an insider threat's, identifying what systems to go after. A wealth of information can be gathered during the reconnaissance phase of an assessment. I've written about the OSINT techniques that
purpleteam Detection and Mitigation Advice for PrintNightmare PrintNightmare (CVE-2021-34527) was released as a proof of concept this week on GitHub. This post highlights how the exploit PoCs released on GitHub work and how the specific vulnerability can be fixed and detected.
redteam Social Profiling – OSINT for Red/Blue One of the areas that I love when it comes to red/purple engagements is profiling organizations on LinkedIn and GitHub, looking for crucial information that can lead to more juicy enumeration.