Categories
active directory, red teaming

Spray and Pray

One form of brute forcing is called "Password Spraying". This form of attack is somewhat the inverse of the traditional form of brute forcing. Instead of using a few or even one username with a wordlist for potential passwords, password spraying makes use of a list of usernames with a few choice passwords. For the […]

Categories
red teaming

Shout-out to the Slack Shellbot

After working on the Slacking off with sqlmap post, I began to look for other ways that Slack’s webhooks could be helpful in assessments. I stumbled across this post written by Russel Van Tuyl, where he described how to integrate these webhooks to notify him when a shell is received either in Metasploit or PowerShell […]

Categories
web assessments

Slacking off with sqlmap

When working through web assessments, it quickly becomes apparent that automating some of your scans/setup can be a solid strategy. One efficient way of being notified of different results from your scans is through the use of Slack’s webhooks. This post was inspired by Kamil Vavra’s post found here, and recounts how these webhooks […]