Created the 2018 UNOFFICIAL ShmooCon Hiring List. To get on the list is even easier now! Just complete the following form: https://goo.gl/forms/aDRYaH5wubSqWcUk1 (One small tip, first come first serve, so if you want to be on the top of the list it’s best to submit the best info you have ... Read More

My talk today at Wild West Hacking Fest was about some documents that I released here. I’ll make this blog post more indepth later but for right now I wanted to get the slides out. (If you can’t access one of the documents yet, don’t ask for permission to do ... Read More

Created the 2017 UNOFFICIAL GrrCon Hiring List. To get on the list is even easier now! Just complete the following form: https://goo.gl/forms/ddfN6gHPbCJweGUw2 (One small tip, first come first serve, so if you want to be on the top of the list it’s best to submit the best info you have ... Read More

Like many of you I’m a gmail hoarder. I never deleting anything, just “archive” everything. I “might” need it later, or “I’ll get to it when I have time”. If we get really honest with ourselves, we never will actually get to it, and because we have this buffer, this ... Read More

Created the 2017 UNOFFICIAL DerbyCon Hiring List. To get on the list is even easier now! Just complete the following form: https://goo.gl/forms/vyqVHjZkxE4WhA9X2 (One small tip, first come first serve, so if you want to be on the top of the list it’s best to submit the best info you have ... Read More

If you’ve ever been pentesting an organization that had LAPS, you know that it is the best solution for randomizing local administrator passwords on the planet. (You should just be leaving them disabled). LAPS stores it’s information in Active Directory: The expiration time: ms-Mcs-AdmPwdExpirationTime: 131461867015760024 And the actual password in ... Read More

Soon after I blogged about the “Snagging Creds from Locked Machines” and it went a bit viral for a day, Pierluigi Paganini from SecurityAffairs.co asked me some great questions, that I failed to answer in a timely manner. They are probably a lot less useful to him now (8 months ... Read More

“Secure” DNS updates is the default in Windows, but there is an option to allow “Nonsecure” updates. I have seen this changed when non-Windows DHCP servers are used (eg Access Points), this opens a network up to some pretty nifty attacks that a Metasploit module just hit the ground for ... Read More

Image showing how to allow users to be able to reset user passwords Disclaimer: If you are here because you are a helpdesk person, this is a pentest blog, so it’s coming from the mindset of a pentester, but this could just as easily be used for legitmate purposes. There ... Read More

LanManager passwords (“LM”) is a very old and well known password hashing function. Used way back in OS/2 Warp and MS-Net (networking for MS-DOS). It was great in it’s day, however how it worked was not sustainable. The hashing was performed only haver uppercasing and splitting the password into two ... Read More