Tool Tuesday: AttackForge
Welcome to the inaugural blog post for our Tool Tuesday! On the first Tuesday of each month one of our penetration testers will share a tool or software that they use or have used that they can’t live without. Engineer: James Carroll Tool: AttackForge Website: www.attackforge.com To kick off the first Tool Tuesday post,…
Breaking Down the CRTO and OSEP
Author: Adam Pawloski Happy New Year everyone! I’ve recently passed the exams for the Offensive Security Experienced Penetration Tester (OSEP) and Certified Red Team Operator (CRTO) certifications and wanted to share my thoughts on the courses, how they relate to day-to-day work activities and how the courses compare. OSEP Course Content The OSEP is a…
Key Factors for Cyber Insurance Penetration Tests
We see it all the time: you go to renew your cyber insurance policy or apply for new coverage and the carrier gives you a mile-long checklist with one of those items being “have you had a penetration test done in the last X years”. If the answer to that question is no, you…
Using BrowserStack to Virtualize Mobile API Testing
Physical devices are cool and all, but how cool would it be to create virtual mobile infrastructure and install mobile applications on it. Better yet, how cool would it be to be able to do this, and also be able to redirect all the web traffic to the proxy of your choice for manual inspection…
What’s Better? Penetration Testing vs. Red Teaming
A few years back, the concept of red teaming was all the rage and at the tip of the tongue of every information security professional. There are common misconceptions about red teaming and the term is often used interchangeably with penetration testing. This post will explain the 5 main differences between red teaming and penetration…
Internal Pentesting Tools & Cheatsheet
I’ve had a lot of people emailing us asking for some of our common command usage for internal penetration testing engagements. This is a list from some of our internal notes that are great for beginners or administrators looking to gain some information from their own internal network. LDAPDomainDump Dumping all domain users ldapdomaindump -u…
An Introduction to Zoom Bombing
Zoom has been under the gun in recent weeks due to “cyberattacks” such as “zoom bombing”. Users have been flocking to alternative video conferencing solutions such as Microsoft Teams, WebEx, GoToMeeting, amongst others. I’m not going to go in depth here because this has been beaten to death by the media and I’m assuming if…
A Guide to Exploiting MS17-010 with Metasploit
One of the articles that I have written that got the most traction was the one regarding exploiting MS17-010 with Metasploit back in 2017. Well, things have changed, tools have changed, and methods have changed. Because of that, consider this the 2020 edition of that post. Metasploit has released three (3) modules that can exploit…
Motu AVB Directory Traversal Vulnerability and Exploit (CVE-2020-8009)
We’ve found that MOTU AVB devices contain a directory traversal vulnerability. During testing, we were able to append characters to the end of the URL and manipulate the application to display local files. For example, when using the URL of http://<<host>>:1280/../../../../../../../../../../../../etc/passwd The application responds with the listing of the /etc/passwd file. The vendor has not…
SilentTrinity Beginners Guide
The exploit frameworks have come and gone over the years. Meterpreter was excellent, easy, and effective (and actually still works on a lot of networks that I test!). Empire was great, however it is no longer supported, albeit now being resurrected by BC-SECURITY over on GitHub. In the world of pentesting these tools are old…
SpecoWeb Directory Traversal (CVE-2021-32562)
SpecoWeb (presumably all versions or at least all versions that I have tested) is vulnerable to a directory traversal vulnerability. This vulnerability can be exploited using a browser and Burp Suite. Appending /../../../../../../../../../../../../etc/passwd at the end of a SpecoWeb URL discloses the hash values of all users. All affected instances that have been tested thus…
How to Pivot with Meterpreter and Proxychains
During an external engagement recently, I encountered a ColdFusion server that was vulnerable to the BlazeDS vulnerability, which allows remote code execution. I stumbled upon the article written by Brett DeWall at WhiteOak, which has a great write-up of this vulnerability and how to exploit it, which can be found here: https://www.whiteoaksecurity.com/2019-9-3-blazeds-java-object-deserialization-exploit-walkthrough/. I followed this write…
Why MSP’s need a Penetration Testing Partner
With the number of MSP’s on the rise and new players entering the market seemingly every day, the challenge arises to differentiate and compete with both similar sized and national sized MSP’s. MSP’s are seeking ways to provide more value, offer new and exciting services and find ways to augment their staff with expert capabilities.…
Introducing the ALLYGN Partner Program
SYRACUSE, NY – Hacket Cyber is pleased to announce the release of their ALLYGN partner program. This program is designed to augment the capabilities of MSP’s, MSSP’s, VAR’s and CPA firms. This program provides all the relevant training, marketing, sales and operational support needed to successfully maintain a healthy and functional relationship with our expert…