The Best Way to Capture Traffic in 2021
There are times when you need to capture some network traffic. Maybe you’re troubleshooting a communication issue or maybe you’re doing something a little more suspect on a penetration test (looking for that clear text communication floating on the network to a host). On top of needing a capture, you ... Read More
Computers are People Too
There are those rare times during pen tests, when you are on a client’s network and you don’t have any valid domain credentials but you do have local admin on a windows device joined to the client’s domain. Perhaps you’ve exploited a vulnerability on a system that grants you local ... Read More
Android App Testing on Chromebooks
Part of testing Android mobile applications is proxying traffic, just like other web applications. However, since Android Nougat (back in 2016), user or admin-added CAs are no longer trusted for secure connections. Unless the application was written to trust these CAs, we have no way of viewing the https traffic ... Read More
Watching yOUr Permissions
Often, one of the main goals of a pen tester is to get Domain Admin (DA) rights in a client’s Windows network. But why do we want to get that level of access? For some, it may just be the satisfaction of navigating far enough to compromise the DA account ... Read More
Ever Run a Relay? Why SMB Relays Should Be On Your Mind
Time is never on your side when you’re onsite with a client and trying to get the first good foothold, with admin privileges, can seem impossible. However, some things seem to work more often than others. One of my current, favorite methods to jump start my access in a network ... Read More
