2018 ShmooCon Hiring List

Created the 2018 UNOFFICIAL ShmooCon Hiring List. To get on the list is even easier now! Just complete the following form: https://goo.gl/forms/aDRYaH5wubSqWcUk1 (One small tip, first come first serve, so if you want to be on the top of the list it’s best to submit the best info you have ... Read More
Open Source Pentesting

My talk today at Wild West Hacking Fest was about some documents that I released here. I’ll make this blog post more in-depth later but for right now I wanted to get the slides out. (If you can’t access one of the documents yet, don’t ask for permission to do ... Read More
2017 GrrCon Hiring List

Created the 2017 UNOFFICIAL GrrCon Hiring List. To get on the list is even easier now! Just complete the following form: https://goo.gl/forms/ddfN6gHPbCJweGUw2 (One small tip, first come first serve, so if you want to be on the top of the list it’s best to submit the best info you have ... Read More
Automatically deleting old Gmail email

Like many of you I’m a Gmail hoarder. I never delete anything, just “archive” everything. I “might” need it later, or “I’ll get to it when I have time”. If we get really honest with ourselves, we never will actually get to it, and because we have this buffer, this ... Read More
2017 DerbyCon Hiring List

Created the 2017 UNOFFICIAL DerbyCon Hiring List. To get on the list is even easier now! Just complete the following form: https://goo.gl/forms/vyqVHjZkxE4WhA9X2 (One small tip, first come first serve, so if you want to be on the top of the list it’s best to submit the best info you have ... Read More
Dump LAPS passwords with ldapsearch

If you’ve ever been pentesting an organization that had LAPS, you know that it is the best solution for randomizing local administrator passwords on the planet. (You should just be leaving them disabled). LAPS stores its information in Active Directory: The expiration time: ms-Mcs-AdmPwdExpirationTime: 131461867015760024 And the actual password in ... Read More
Security Affairs Questions

Soon after I blogged about the “Snagging Creds from Locked Machines” and it went a bit viral for a day, Pierluigi Paganini from SecurityAffairs.co asked me some great questions, that I failed to answer in a timely manner. They are probably a lot less useful to him now (8 months ... Read More
Dynamic DNS Update Module

“Secure” DNS updates are the default in Windows, but there is an option to allow “Nonsecure” updates. I have seen this changed when non-Windows DHCP servers are used (e.g. Access Points); this opens a network up to some pretty nifty attacks that a Metasploit module just hit the ground for ... Read More
Reset AD user password with Linux

Image showing how to allow users to be able to reset user passwords Disclaimer: If you are here because you are a helpdesk person, this is a pentest blog, so it’s coming from the mindset of a pentester, but this could just as easily be used for legitimate purposes. There ... Read More
Password Magic Numbers

LanManager passwords (“LM”) is a very old and well known password hashing function. Used way back in OS/2 Warp and MS-Net (networking for MS-DOS). It was great in its day, however how it worked was not sustainable. The hashing was performed only after uppercasing and splitting the password into two ... Read More