Categories
active directory red teaming

Spray and Pray

One form of brute forcing is called "Password Spraying". This form of attack is somewhat the inverse of the traditional form of brute forcing. Instead of using a few or even one username with a wordlist for potential passwords, password spraying makes use of a list of usernames with a few choice passwords. For the […]

Categories
red teaming

Shout-out to the Slack Shellbot

After working on the Slacking off with sqlmap post, I began to look for other ways that Slack’s webhooks could be helpful in assessments. I stumbled across this post written by Russel Van Tuyl, where he described how to integrate these webhooks to notify him when a shell is received either in Metasploit or PowerShell […]

Categories
red teaming

Pivoting Down the Rabbit Hole

I remember one of the first security competitions I did when in school: our team was beaten out by the team that was able to pivot within the environment of intentionally vulnerable systems. Since then I’ve been able to learn some of the ways that you can move between systems. This post documents a few different […]