Compromising WordPress and pivoting to the Internal Network
joemccray
A few months ago I ran into WordPress on a penetration test. It was a generic web application security assessment, but in this case I was able to compromise the server and move into the internal network. I thought I’d take the compromise walk-through and …
Attacking Dell Foglight Server
I was just talking to someone a little while ago about how rarely I run into Postgres on pentests. I have however run a postgres based product called Foglight. Ok, so what is a Dell Foglight box? A while back I was on a pentest …
Using APT tactics and techniques in your pentests
I have a student that has been asking me about internal network penetration testing so I figured I’d write a blog post about it. I was trying to explain to him that there is so much more to it then just popping boxes. Breaking in …
Bypassing Restricted Environments
I just got an email from an old student that is doing a pentest and he asked me about pentesting restricted environments like locked down desktops, citrix, kiosks, etc. I figured I’d put together a blog post on the subject and if people like it …
