On a recent internal penetration test, the clients goals were to gauge what an internal user or attacker could achieve with user level access to their network. In these cases you want to look for known exploits, weak passwords and miss-configurations. This one fell into the miss-configuration bucket. Its not an issue with the software […]
In the last post https://www.cyberguider.com/bypassing-windows-defender-the-tedious-way/ we found that Windows Defender uses a black list to stop known hacking tools such as Mimikatz. We were able to easily bypass the restriction with some word replacements but it took time, trail and error. In this post we are going to make that process much easier. As with […]
I was on a penetration test when i was able to acquire a set of admin credentials. This wasn’t a red team engagement, so there was no issues lighting up their AV with some of our tools but I always try to stay as silent as possible until close to the end or the assessment. […]
Most of the time I’m binge watching Netflix, Amazon Prime, Hulu, or some other instant gratification media platform. But on the rare occasion that I’m out in these streets and talking to other professionals, the conversation always ends up at “So what do you do?”. I guess this is one of the default topics of […]
The average computer user does not think much about the amount of information he or she shares with others whether in-person, online or at random venues. They just want to be seen and heard because that is how the world works now. If you are not connected to a social media entity, you, my friend, […]
Often times as information technology (IT) security professionals (a.k.a. Security Pros), we meet others who are interested in what we do for a living. The transfer of knowledge serves as a good way to promote IT security and often kick-starts an impromptu IT security awareness discussion. However this brings more than its average share of […]
