A few months ago I ran into Wordpress on a penetration test. It was a generic web application security assessment, but in this case I was able to compromise the server and move into the internal network. I thought I’d take the compromise walk-through and turn it into a blog post for you guys today.…
Read more
Attacking Dell Foglight Server
I was just talking to someone a little while ago about how rarely I run into Postgres on pentests. I have however run a postgres based product called Foglight. Ok, so what is a Dell Foglight box? A while back I was on a pentest and ran into one of these. Let’s see…”Dell's application…
Read more
Using APT tactics and techniques in your pentests
I have a student that has been asking me about internal network penetration testing so I figured I'd write a blog post about it. I was trying to explain to him that there is so much more to it then just popping boxes. Breaking in a machine is easy, the moving around a network and…
Read more
Bypassing Restricted Environments
I just got an email from an old student that is doing a pentest and he asked me about pentesting restricted environments like locked down desktops, citrix, kiosks, etc. I figured I'd put together a blog post on the subject and if people like it I'll do some more blog posts that go deeper into…
Read more