• Jan 30, 2019

    Microsoft Exchange 2013/2016/2019 vulnerable to remote privilege escalation

    Exchange 2013 or later fails to properly authenticate and validate certain requests, allowing a remote attacker with access to an Exchange mailbox to gain full Domain Administrative privileges.

  • Dec 20, 2018

    Starting your pentest...with reporting?

    Reporting might sound like an odd place to start a pentest. When most well-known pentesters say that reporting is one of the most important parts of the test, you tend to sit up and take notice.

  • Dec 18, 2018

    Building my pentest lab

    Following up on my last post, here is my initial lab setup. As you will see, it’s not much of a lab. But that’s not the point. I don’t need much horsepower at this time, and neither would most beginners. As your skills and needs change, you can certainly ramp up to a dedicated lab environment.