Yesterday I was asked a couple of questions by someone that I mentor/help along the way with their own cyber security journey, to do with a few topics they are starting to look into. One such question asked was:

“What is a DLL and how can they be used for exploitation”

Now, I know the answer to this, but I found my repsonse to the individual in question, somewhat lacking, which made me feel a little disappointed in myself. So to that end, I thought I’d do a “do over”, so what did I do, I wrote a blog post about the answer of course, or rather my “Interpretation” of it.

Nothing new or ground breaking here, seasoned pentesters/red teamers/malware devs might want to skip it, but hopefully it’s better than the “wooly” explanation I provided yesterday… lol

Pentest tool Tips

Continue Reading

Dir-Generator: An aid to bring order to what can be the chaos of organising your engagement data.

This short blog post will talk through a small penetration testing aid I wrote in Python, Dir-Generator, which automates the creation of a pentest engagement folder and series of complimentary sub folders, to aid in the organization and storage of engagement related data, images, logs, payloads, etc. gathered throughout the engagement.

Pentest tool

Continue Reading

… Woop-woop, that’s the sound of da police …

During my time as a penetration tester, Adversarial Engineer, Red Teamer and security consultant, whether through the work itself or verbal interactions, one re-occurring theme always emerges above all others, and this is, that the “business” thinks that pentesters’/security are the fun police, aka, the ‘bad guys’!

We’re seen as party poopers, due the very nature of our job, more often than not, due to it being negative by its very connotation. Nobody wants to be told that the very things they’ve built/are responsible for, has issues and more so, issues that could delay or halt progress altogether or pose a security risk/impact to the business!

In this post we will dive into some of the key things that, we as penetration testers, Adversarial Engineers, red teamers, security consultant and the business, can do to revise our approaches, promote better engagement, build better rapport, bring greater value to the process, along with avoiding some of the common mistake that we’ve all been known to make!

Image Credits: @_RayRT | rayrt.gitlab.io, his skills are unreal, both technically and visually, thank you for you help as always!

Pentest101 Tips Best Practice

Continue Reading

This blog post will talk through the setup and deployment of a Kali Linux EC2 using AWS CloudFormation.

Basically, I got tired of doing the same thing over and over, and decided to make my life easier, sorry, more efficient, and automate the build task of something I do regularly.

Pentest AWS Kali

Continue Reading

Photo by Michael Geiger on Unsplash

Ransomware attacks have emerged as one of the most significant cybersecurity threats to organisations worldwide, particularly financial institutions, creating substantial challenges for data security and business continuity.

This blog post looks at protecting your business through Ransomware Prevention and Recovery Best Practices.

Ransomware Tips Best Practice

Continue Reading

Phishing’ at its most basic level, involves sending fraudulent emails, claiming the pretence of being from a reputable or well known/trusted/familiar company or individual, with the goal of deceiving recipients into either clicking on a malicious link or downloading an infected attachment, usually to steal financial or confidential information”.

Pentest SE Social Engineering

Continue Reading

Part 4 of the series will focus on what a penetration testing report should contain and how we use the penetration engagement, the testing activities carried out, and the information, vulnerability, and/or exploit data we documented to populate the penetration testing report.

Hacking is the fun part; now, for the business end of things, it is the most crucial output.

Pentest101 Tips Best Practice

Continue Reading

The next post in out ‘PT101’ series, Part 3, will be detailing how we execute the scope of work and the penetration test itself.

It’s time to test some pens …

Pentest101 Tips Best Practice

Continue Reading

The next post in out ‘PT101’ series, Part 2, will be detailing the steps required prior to performing pentesting, the essential details to understand and the end-to-end process.

Pentest101 Tips Best Practice

Continue Reading

So, you need or want a Pentest….

So, that day has finally come when you’ve been tasked with obtaining a penetration test for that project you’ve built or are accountable for, or perhaps you’ve been informed that it’s necessary due to “compliance requirements”.

Pentest101 Tips Best Practice

Continue Reading

‘Smishing’ is a blended word comprised of “SMS” (short message service) and “phishing.” In short, it’s a social engineering attack vector that leverages text messages to deceive individuals into taking several actions (outlined later in the post).

Pentest SE Social Engineering

Continue Reading

The Grey Man Concept: A must have trait/ability for any Social Engineer

Social engineering is an umbrella term used interchangeably when discussing various malicious activities accomplished through multiple forms of human interaction.

Pentest SE Social Engineering Physical

Continue Reading

The Cloud, love it, loth it; however, we’re all living it!

From streaming our favourite shows to sharing photos with friends and colleagues, cloud computing has revolutionized the way we live and work. But what exactly is the cloud, and how did it come about?

Pentest Cloud Top5 Vulnerabilities Best Practice

Continue Reading

Today we have a new post covering an overview of some tips and best practices when it comes to administering/reviewing firewalls as a result of some recent engagement I undertook. The majority of the content below is not new or ground breaking, but comes from recommendations I’ve made or information I’ve collected and used as references during my time reporting on firewall reviews. Due to this and my recent work, I thought I’d write up a few things which hopefully help some folks out when it comes to these types of engagements. Possible use cases for the following information could be:

• Provide the following points to non-tech Points-of-Contact or inexperienced firewall admins
• Use sections of this blog post as the basis for recommendations where issues have been identified with the ruleset or ACLs in use.
• Or simply as a refresher for the new or more experiences among us

Enjoy!

Pentest Firewall Tips Best Practice

Continue Reading

What is wireless Penetration Testing

Wireless Penetration testing is the enumeration and examination of a target wireless networks configuration and hardware in use i.e. mainly access points, by either passive or active means, with the aim being to highlight any security issues or information leakage. This can be further defined by the testing scope provided for the engagement. This should detail whats required and related to your specific Wifi/WLAN assessment.

Pentest Wifi Cracking Passwords

Continue Reading

This post is going to be more results/statistics based, providing context to the benchmark tests myself and Nick carried out! It will cover the Benchmarks that we obtained from Hashcat, once we had completed the EC2 Kali instance set-up. The original post covering this can be found here, Cracking in the Cloud with Hashcat

Pentest AWS Cracking EC2 Passwords

Continue Reading

Cracking in the cloud with Hashcat – A how to…

So first up, this post came about from a discussion with another tester centering around whether using a cloud based platform is a worthwhile venture for real-time and offline password/hash decrypting i.e. cracking.

After a quick search on the pentesters best friend, Google, it leads my colleague and I to a variety of different write-ups covering both technical details and set-up guides. Two of the best we came across can be found at the following links:

• BlackHills Information Security

• N0UR Net+Sec Blog

Pentest AWS Cracking EC2 Passwords

Continue Reading

Following on from my previous blog post on NLA, a tool to help with RDP enumeration has been suggested to me to explore. The tools name is ‘rdp-sec-check’ by Portcullis Labs.

Having surfed over to the Protcullis website to check out this tool I found a handy introduction to it. As expected it covers basically what the tool is and how it goes about its business. Obviously the name gives it away, ‘rdp-sec-check’, it’s another tool for checking the RDP security configuration of a target host.

Pentest RDP

Continue Reading

While on a test recently, I noted that several hosts had TCP port 3389 (RDP) open. I had a little extra time to play with and after reading Robin Wood’s @diginija recent blog post Show RDP login page. Great I thought, time to put this to practice! Maybe I could snag some low hanging fruit such as what @diginija got a glimpse of i.e. logged in user accounts/usernames. Now the difference in my scenario was I was using a Linux host for testing and @digininja used a Windows host, this meant I’d be using either ‘rdesktop’ or ‘Remmina/FreeRDP’ instead of the native windows application. So a few questions arose from this, “Would I be able to replicate what @diginija achieved?” and “would there be any issues in trying to achieve the same objective, though using a different host??” Only one way to find out!

Rdp NLA Pentest

Continue Reading