Education
Everything is 1337! Everyone hacks everything with no sweat, all networks are taken down by cyber magic… or maybe not….
Let’s look at some business realities, shall we? Read more “Cyber Security Testing Myths vs Realities”
Education
Honestly, it feels weird writing this, however I feel there’s a real issue with penetration testing and some myths that (for understandable and obvious reasons) exist in some people’s minds. So I’ve taken to trying to explain to people what an external penetration test actually entails in the real world of business. So here goes!
Read more “Infrastructure Penetration Testing Realities”
Education
The swiss army knife of the cyber world, it can port scan, fingerprint, produce reports and run scripts using the nmap scripting engine (NSE).
Why do we care about NMAP, surely everyone knows how to NMAP?
Well, that’s simply not true, it’s always important to tech new people, to revise and hone existing skills and the world of nmap scripting is constantly evolving.
Port scanning and fingerprinting let alone leaking sensitive data and conducting “attacks” is all possible. You can do a basic vulnerability scan with nmap alone!
Read more “Nmap & CrackMapExec (CME)”
Guides
How long should you test brute force password attempts for?
Well, a recent Microsoft report showed the average RDP brute force attack over the internet lasted about 3 days. Now let’s take a look at what a single attacker machine (IP) can send to a single target server over a well-connected network (1GBE low latency):
Read more “I AM BRUTE”
Hacking
When you gain access to a target node you will want to explore, the exact method you use to do this will depend upon operational security considerations, time constraints and style. You will be looking for a range of elements to support progressing an objective.
It should be noted that the objective may NOT require elevation. You may be trying to obtain data and access might already be possible using the context you have assumed.
You also may need to move from a www-data user to a named user account or get to root level of access. If so there’s a range of questions we should be asking ourselves:
Read more “Linux Privilege Escalation”
Education
You can deploy Nessus in a range of ways, from direct install through to using a cloud-based deployment or virtual appliance.
A common reason for deploying on Kali or other distro rather than using the virtual appliance is for mobility, ease of use but also you might want to VPN or proxy traffic.
The install process is simple, log into your account on tenable community portal and download the relevant installation package.
Read more “Installing Nessus Pro on Kali Linux”
Hacking
Ok imagine this, you have got access to a file server and behold you find an unsecured, unencrypted backup of a domain controller (this isn’t made up I find these in networks sometimes!) and you yoink the NTDS.dit (or maybe it’s just a workstation SAM/SYSTEM file), you extract the hashes but now what, you need to crack those bad boys!
Check out the MS docs on how NT or LM Hashes are computed(hashed)! – (thanks @ANeilan for spotting my mistake!)
[MS-SAMR]: Encrypting an NT or LM Hash | Microsoft Docs
Read more “How to Crack NTHASH (commonly referred to as NTLM) password hashes?”
Guides
Sales darling, it’s all about sales. It’s a harsh but true part of the world where you need to be able to sell. I’m not talking about business to business or hunters, farmers etc. I’m talking about being able to sell to someone that you are the right person to help them and their organisation.
Now this isn’t easy in the middle or tail end of a career let alone when you are starting off. But let’s for a minute role play and look at what I would do if I was new to the cyber world and was looking for a role?
This isn’t meant as a guide, it’s off the back of a convo I’ve just had with someone struggling in the job-hunting space. So, it’s a rough brain dump from me. The key thing I would say is: Read more “If I was looking for entry level jobs in cyber security – what would I do?”
Defense
Penetration testing is the activity of conducting security testing with the aim of identifying and exploiting vulnerabilities to identify strengths and weaknesses. I include strengths because I believe it’s important for security testing to promote both positive and negative findings. I also think that there is a huge mis conception with what penetration is, what it helps with and how to best get value from a penetration test.
My definition isn’t too far from the NCSC one: https://www.ncsc.gov.uk/information/check-penetration-testing
A penetration test is a security assurance activity, but it’s one of many activities that I recommend people conduct. This is however largely only adopted by the few, for many a penetration test is a compliance tick box, either from a regulatory or contractual requirement.
When looking at a system a penetration test is not usually the most efficient starting point, especially if it’s from a black box perspective. Read more “Penetration Testing”
Guides
Whilst I was on ‘holiday’ (seriously even when on holiday I almost always must do some work!) a few Windows vulnerabilities were published. Great work by Gilles Lionel, Benjamin Delpy and many many others!
You do not need any domain credentials to conduct this exploit chain, so from a network adjacent unauthenticated position you can get DA with the right circumstances (default configuration). Read more “From Zero to DA using ‘PetitPotam’”