Endpoint security tools can be a real pain when trying to get accurate vulnerability scans. Some tools go so far as to kill off a generic Nessus scan. Each has its own bypass mechanism.
After several weeks of nothing happening malware-related at work, my phone pinged and alerted me to someone caught red-handed clicking on something they shouldn’t have.
Exchange 2013 or later fails to properly authenticate and validate certain requests, allowing a remote attacker with access to an Exchange mailbox to gain full Domain Administrative privileges.
Reporting might sound like an odd place to start a pentest. When most well-known pentesters say that reporting is one of the most important parts of the test, you tend to sit up and take notice.
I suggest putting these in your incoming mail filters to get alerts for possible ransom attacks. The recent spate of email-based bomb threats all contained wallet addresses.
In my never-ending quest to learn more about hacking in general, I’ve decided to take on a personal project and bone up on the skills required for penetration testing.
Here is a summary of some secure file sharing tips culled from a Twitter thread over the weekend.
I was given the opportunity to run some tests against the wireless infrastructure at my office. The actual scenario is to deploy a rogue access point and start gathering intel on the organization. But I decided to take this a…
Here are some tips for unmasking a site hosted behind CloudFlare. YMMV as I have not yet tested these.
Here’s a list of security conferences and events within a few hours’ drive of Greenville, SC. I am amazed at the number of B-Sides in the area after living at least 6 hours away from EVERYTHING for so long.