While performing a routine internal penetration test, I began the assessment by running Responder in analyze mode just to get an idea of what was being sent over broadcast. Much to my surprise, I found that shortly after running it, a hash was captured by Responder’s SMB listener. This hash belonged to an account named…
Detecting CrackMapExec (CME) with Bro, Sysmon, and Powershell logs
CrackMapExec is a popular tool that is used by attackers to move laterally throughout an environment. I use it personally on my penetration tests, as I’ve found that it does a really good job at moving from system to system without detection. My goal with this blog post is to give defenders some techniques on…
Securing a default installation of MacOS
This was originally written as the basis for a GIAC Gold paper. Ultimately, it was not unique enough to warrant a research paper, but it will provide an overview of the security features of MacOS. As of mid-2016, MacOS captures nearly 10% of the global market for desktop PC software. While Apple computers…
Removing Backdoors – Powershell Empire Edition
I’m a big fan of Powershell Empire for penetration testing. If you haven’t heard of it, it is a post-exploitation framework which uses powershell agents to run post-exploitation scripts on a target system. This blog post is meant to address a small subset of the…
Categories
n00py Blog
- The Dangers of Endpoint Discovery in VIPRE Endpoint Security
- Dumping LAPS Passwords from Linux
- Alternative ways to Pass the Hash (PtH)
- Password Spraying Secure Logon for F5 Networks
- Extracting files from Burp Intruder Output
- Exploiting LDAP Server NULL Bind
- Managing Active Directory groups from Linux
- Zero day vulnerabilities in Determine Selectica Contract Lifecycle Management (SCLM) v5.4
- Password Spraying Dell SonicWALL Virtual Office
- Introducing Slackor, a Remote Access Tool Using Slack as a C2 Channel