Computers are People Too

Computers are People Too

There are those rare times during pen tests, when you are on a client’s network and you don’t have any valid domain credentials but you do have local admin on a windows device joined to the client’s domain. Perhaps you’ve exploited a vulnerability on a system that grants you local ... Read More
Android App Testing on Chromebooks

Android App Testing on Chromebooks

Part of testing Android mobile applications is proxying traffic, just like other web applications. However, since Android Nougat (back in 2016), user or admin-added CAs are no longer trusted for secure connections. Unless the application was written to trust these CAs, we have no way of viewing the https traffic ... Read More
Watching yOUr Permissions

Watching yOUr Permissions

Often, one of the main goals of a pen tester is to get Domain Admin (DA) rights in a client’s Windows network. But why do we want to get that level of access? For some, it may just be the satisfaction of navigating far enough to compromise the DA account ... Read More
Ever Run a Relay?  Why SMB Relays Should Be On Your Mind

Ever Run a Relay? Why SMB Relays Should Be On Your Mind

Time is never on your side when you’re onsite with a client and trying to get the first good foothold, with admin privileges, can seem impossible. However, some things seem to work more often than others. One of my current, favorite methods to jump start my access in a network ... Read More