pentesting

Computers are People Too

There are those rare times during pen tests, when you are on a client’s network and you don’t have any valid domain credentials but you do have local admin on a windows device joined to the client’s domain.  Perhaps you’ve exploited a vulnerability on a system that grants you local admin rights. Or maybe you’re …

Computers are People Too Read More »

Automating Red Team Homelabs: Part 2 – Build, Pentest, Destroy, and Repeat

As of 2019-05-14 the Funny Stories section has been updated. Now that we understand what the goal is from my first blog post, we can move into the good stuff! The packer build process is pretty much the whole reason I embarked on this journey of automation. I got tired of installing kali from an …

Automating Red Team Homelabs: Part 2 – Build, Pentest, Destroy, and Repeat Read More »

Android App Testing on Chromebooks

Part of testing Android mobile applications is proxying traffic, just like other web applications.  However, since Android Nougat (back in 2016), user or admin-added CAs are no longer trusted for secure connections.  Unless the application was written to trust these CAs, we have no way of viewing the https traffic being passed between the client …

Android App Testing on Chromebooks Read More »

A Container Hacker’s Guide to Living Off of the Land

Sometimes as a pentester you find yourself in tricky situations. Depending on the type of engagement, you might want to try to avoid making a lot of noise on the network if possible. This blog post is going to talk about two techniques to use to gather information on your target while avoiding making too …

A Container Hacker’s Guide to Living Off of the Land Read More »

Scroll to Top