Blog

Bypassing Defender the Easy Way – FodHelper

If you’ve ever tried to run a command prompt as administrator on your Windows OS before, you’ve seen a harmless popup appear. This is Windows User Account Control, or UAC. According to Microsoft, UAC “is a fundamental component of Microsoft’s overall security vision. UAC helps mitigate the impact of malware.” (How User Account Control Works)

Pentest Tales #002: Digging Deep

Welcome to the second edition of Pentest Tales, a blog series that walks through real-world pentests we’ve performed in the past. The purpose of this blog is not just to share the “owning” of a domain, but to provide education as to why a domain was owned in the first

SMB Relay Attacks – Gift That Keeps on Giving

With all of the new Microsoft vulnerabilities and features being exploited lately, it’s important to consider some of the vulnerabilities that have truly withstood the test of time. Flavor-of-the-month vulnerabilities like PrintNightmare and attacks on Active Directory Certificate Services may seem incredible currently (and they are), but they end up being manually patched out

Kerberoasting Domain Accounts

The Gift That Keeps on Giving

Few vulnerabilities in the Windows Active Directory environment have had the long-lasting impact that Service Principal Names (SPNs) have. Domain-connected services, such as MSSQL servers, web servers, and more, may be connected and issued identifiers that allow Kerberos to authenticate the service account. If a domain user account is

ASREP Roasting & Pre-Authentication in AD Environments

Any systems administrator knows that securing an Active Directory environment is a never-ending task. Since the first Windows AD was released with Server 2000, Microsoft has added countless features. Many of these features are created with connectivity in mind, and some are there to bypass security features to allow accessibility with incompatible

Boost Your Security Program for WFH Employees

With communities beginning to open back up, companies are considering the decision to stay remote. And this comes with good reason. The cost of leasing space might be prohibitive, and downsizing to host only necessary business functions could help with expenses. During the pandemic, your organization may have seen an increase in productivity and employee

Should I Whitelist A Penetration Tester’s IP?

While working out the details with a client for an upcoming security assessment, whitelisting the penetration testers’ IP addresses always generates additional conversation. It may seem odd, because you wouldn’t whitelist your adversaries to bypass a security control, so why would you do it during an attack simulation? Depending on your resources, needs, and what

Should I get a “Re-test” with my penetration assessment?

Something you’ve likely already encountered on your penetration testing service quotes is the inclusion or add-on of a re-test. Some organizations use this as a differentiator by including it with their quotes, and some offer it simply as an add-on. It’s something you should determine if it’s right for your organization and, if so, what

The “Medium Risk” Finding That’s Destroying Your Security Program

Many of our clients perform vulnerability scanning on a regular basis but find that they still don’t perform as well as they’d like on penetration tests. Well, today we’re going to discuss a finding that’s frequently found on networks, that many vulnerability scanners consider a Medium Risk, and that usually ends in objective achievement. We’re

The Dangers of LLMNR/NBT-NS

What is LLMNR/NBT-NS?

LLMNR (Link-Local Multicast Name Resolution) and NBT-NS (NetBIOS Name Service) are alternative methods of host identification that are triggered when DNS fails to resolve a name. In short, if a user were to attempt to connect to a host that DNS does not have stored, the next step would be to
