Sans Core Netwars Tournament of Champions Europe
By Red Siege | August 9, 2021
From Justin Palk, Security Consultant: I’ll be honest, it feels good to win. Popping a shell sends a shiver down my spine. But getting into a duel with another team […]
Learn MoreUser Enumeration Part 3 – Windows
By Mike Saunders | April 16, 2020
This is the third installment in a series of blogs on user enumeration. In Part 1 – Building Name Lists, I talked about ways of building usernames from OSINT and […]
Learn MoreUser Enumeration Part 2 – Microsoft Office 365
By Mike Saunders | March 10, 2020
It’s not uncommon on external pen tests and red team engagements to find very little attack surface on the customer’s internet-facing networks. Customers have started shifting services to cloud providers, […]
Learn MoreUser Enumeration Part 1 – Building Name Lists
By Mike Saunders | January 30, 2020
A common part of pen tests – both network and web app – is password spraying. In order to do that, you need usernames. But how do you find out […]
Learn MoreFinding the silver lining in getting your teeth kicked in
By Mike Saunders | March 27, 2019
Lots of pen test and red team blogs follow the same model: we came, we saw, we conquered, blue team tears flowed. This is not one of those blogs. TL/DR; […]
Learn MoreSQLi Data Exfiltration via DNS
By Mike Saunders | November 30, 2018
Did you know you can use DNS queries to exfiltrate data from a database via SQLi? No? Then continue reading! I’ll walk through some techniques you can use to enumerate […]
Learn MoreCapturing SQL Server User Hash with SQLi
By Mike Saunders | September 5, 2018
On a recent external web app pen test, I found a possible SQL injection vulnerability using the Burp Scanner. One of the tests triggered an A record lookup for the […]
Learn More