I really like network penetration testing. Some might even say that it’s one of my favorite things! Whether I’m looking to break into an internal network from the Internet, or I’m slinking my way through internal SMB shares, databases, and domain controllers, you can bet that I’ve got a smile… Continue Reading Introducing Pwnage Per Port
Ashley Madison recently had a really bad day. On the off chance that you haven’t heard about it, Ashley Madison’s entire internal network got popped and the attackers leaked around 10GB of compressed data to the Intertubez. Plenty of sites have articles detailing “what was leaked,” yet I found nothing… Continue Reading What Is in the FIRST Ashley Madison Leak?
I recently found myself in a situation where I had access to an internal network (10.0.0.0/8), but had no additional information about the network’s topology, defenses, firewalls, or hardware. Scratching my head, I started putting together tactics to enumerate the network given the following constraints: Short amount of time available… Continue Reading Blind Box Hunting on Internal Networks – Part 1
Egor Homakov recently published a post entitled Why You Don’t Need 2 Factor Authentication on the Sakurity company blog. The post brazenly stated that using two-factor authentication was equivalent to using a password manager. Because two-factor authentication is a technology that offers one of the best returns on investment with… Continue Reading Why You Want Two-factor Authentication