Category Archives: Uncategorized

Hacker Weekend Warrior Training Program | This is a full month of Network Penetration Testing, Web App Penetration Testing, Malware Analysis,

Compromising WordPress and pivoting to the Internal Network

A few months ago I ran into Wordpress on a penetration test. It was a generic web application security assessment, but in this case I was able to compromise the server and move into the internal network. I thought I’d take the compromise walk-through and turn it into a blog post for you guys today.…
Read more

Attacking Dell Foglight Server

I was just talking to someone a little while ago about how rarely I run into Postgres on pentests.  I have however run a postgres based product called Foglight. Ok, so what is a Dell Foglight box? A while back I was on a pentest and ran into one of these.   Let’s see…”Dell's application…
Read more

Using APT tactics and techniques in your pentests

I have a student that has been asking me about internal network penetration testing so I figured I'd write a blog post about it. I was trying to explain to him that there is so much more to it then just popping boxes. Breaking in a machine is easy, the moving around a network and…
Read more

Bypassing Restricted Environments

I just got an email from an old student that is doing a pentest and he asked me about pentesting restricted environments like locked down desktops, citrix, kiosks, etc. I figured I'd put together a blog post on the subject and if people like it I'll do some more blog posts that go deeper into…
Read more