Hacking

Stealthy Active Directory Username Enumeration with LDAPNomNom

My friend Lars and I were just talking about some of the research areas we are working on and randomly the conversation turned into “what shall we call it?” and then LDAPNomNom came up! So I whilst laughing (coz the name is lulz) with my buddy I downloaded and ran LDAPNomNom against a lab vm quickly! (Lars also fixed an error with readme.md that I pointed out coz my debug skillz ROCK! šŸ˜› )

So here we have me doing username enumeration via LDAP Ping using LDAPNOMNOM!

Read more “Stealthy Active Directory Username Enumeration with LDAPNomNom”
Guides

Practical Security Assurance

Penetration testing, adversary simulation, red teaming, purple teaming, rainbow teaming, call if what you like, the security outcome we are working towards is:

  • Improved Security Posture
  • Assurance of security investments and controls
  • Enablement of information sharing
  • Collaboration and Understanding
  • Identification of strengths and weaknesses
  • Optimization and Improvement Opportunities

This is to support the organisations mission, vision, goals, and objectives. Cyber security is to support and enable the organisation’s capability to execute digital services in a safe manner.

Read more “Practical Security Assurance”
Education

Infrastructure Penetration Testing Realities

Penetration testing is just like being a cybercriminal, right?

Honestly, it feels weird writing this, however I feel there’s a real issue with penetration testing and some myths that (for understandable and obvious reasons) exist in some people’s minds. So I’ve taken to trying to explain to people what an external penetration test actually entails in the real world of business. So here goes!

Read more “Infrastructure Penetration Testing Realities”
Education

Nmap & CrackMapExec (CME)

The swiss army knife of the cyber world, it can port scan, fingerprint, produce reports and run scripts using the nmap scripting engine (NSE).

Why do we care about NMAP, surely everyone knows how to NMAP?

Well, that’s simply not true, it’s always important to tech new people, to revise and hone existing skills and the world of nmap scripting is constantly evolving.

Port scanning and fingerprinting let alone leaking sensitive data and conducting ā€œattacksā€ is all possible. You can do a basic vulnerability scan with nmap alone!

Read more “Nmap & CrackMapExec (CME)”
Guides

I AM BRUTE

How long should you test brute force password attempts for?

Well, a recent Microsoft report showed the average RDP brute force attack over the internet lasted about 3 days. Now let’s take a look at what a single attacker machine (IP) can send to a single target server over a well-connected network (1GBE low latency):

Read more “I AM BRUTE”