For the Techs 27 Mar 2019 Lateral Movement in an Environment with Attack Surface Reduction This blog post will discuss techniques to bypass the Attack Surface Reduction (ASR) rule “Block process creations originating from PSExec… Read More
For the Techs 04 Dec 2018 Cisco Pivoting for Penetration Testers Updated: Jul 21, 2020 On a recent engagement we faced a difficult target with minimal external attack surface. Their website had… Read More
For the Techs 20 Nov 2018 Multiple Transports in a Meterpreter Payload Updated: Jul 21, 2020 It’s no secret that we’re big fans of the Metasploit Framework for red-team operations. Every now and… Read More
For the Techs 11 Oct 2018 Configuring Metasploit and Empire to Catch Shells behind an Nginx Reverse Proxy Updated: Jul 21, 2020 During red team engagements, we’ve found ourselves in the situation of wanting to use multiple remote access… Read More
For the Techs 11 Oct 2018 Configuring Metasploit and Empire to Catch Shells behind an Nginx Reverse Proxy Updated: Sep 2, 2020 During red team engagements, we’ve found ourselves in the situation of wanting to use multiple remote access… Read More
For the Techs 03 Aug 2018 Taking Local File Disclosure to the Next Level I recently discovered a path traversal vulnerability on a bash script exposed through the cgi-bin directory on an Apache server.… Read More