Showing 9 results for: December 2012 ×Penetration Testing ×

Teaching Security Self-Defense

My background in IT comes mostly from a nomadic perspective. In my years of IT and InfoSec, I've had the makings of a career consultant - different client each week, different city, different nature of work. It's been a long...

Fraud, Passwords, and Pwnage on the Interwebz

This past weekend I was lucky enough to attend Microsoft's BlueHat Conference in Redmond WA and Security B-Sides Seattle. The combination of some of those talks succeeded in keeping some persistent issues alive in the hopes of finding a solution....

PCAP Files Are Great Arn't They??

One of the most important skills in anyone's armory responsible for looking after the security of a corporation's networks should be how to analyze network capture files (PCAP files) obtained from sniffers. Putting a sniffer on the network can not...

You down with LNK?

Oftentimes on an Internal pen test, I find myself with a limited-privilege domain user account. On a recent test, I got ahold of an account like this through various means of hackery. It didn't have local admin anywhere, it wasn't...

My 5 Top Ways to Escalate Privileges

During a penetration test, rarely will the tester get access to a system with the administrator privileges in the first attempt. You are almost always required to use privilege escalation techniques to achieve the penetration test goals. Several people have...

Abusing SAP Servers

During some recent penetration tests I have noticed that large companies have many similarities in their IT infrastructures. One of the things that caught my attention was that quite a few of these companies have SAP systems on their networks....

How to Hack and Not Get Caught

The following thoughts on internal network penetration strategies are drawn from "OPFOR 4Ever," which I'll be presenting later this week with my colleague Chris Pogue at Microsoft's BlueHat Security Conference. Network penetration testers love to complain about the unrealistic scope...