Apr 25, 2025
Today’s a fun tale of pentest pwnage where we leveraged a WinRM service ticket in combination with the shadow credentials attack, then connected to an important system using evil-winrm and make our getaway with some privileged Kerberos TGTs! I also share an (intentionally) vague story about a personal struggle I...
Apr 18, 2025
Hello! This week Joe “The Machine” Skeen and I kicked off a series all about pentesting GOAD (Game of Active Directory). In part one we covered:
- Checking for null session enumeration on domain controllers
- Enumerating systems with and without SMB signing
- Scraping AD user account descriptions
- Capturing hashes using...
Apr 11, 2025
Hi friends, today I’m kicking off a series talking about the good/bad/ugly of hosting security services. Today I talk specifically about transfer.zip. By self-hosting your own instance of transfer.zip, you can send and receive HUGE files that are end-to-end encrypted using WebRTC. Sweet! I also supplemented...
Apr 4, 2025
Hi friends, in this edition of what I’m working on this week:
- 3 pulse-pounding pentests that had…problems
- Something I’m calling the unshadow/reshadow credentials attack
- Heads-up on a new video experiment I’m going to try next week