Collaborate Disseminate
There are those rare times during pen tests, when you are on a client’s network and you don’t have any valid domain credentials but you do have local admin on a windows device joined to the client’s domain. Perhaps you’ve … Continue reading Computers are People Too
Part of testing Android mobile applications is proxying traffic, just like other web applications. However, since Android Nougat (back in 2016), user or admin-added CAs are no longer trusted for secure connections. Unless the application wa… Continue reading Android App Testing on Chromebooks
Often, one of the main goals of a pen tester is to get Domain Admin (DA) rights in a client’s Windows network. But why do we want to get that level of access? For some, it may just be the satisfaction of navigating far enough to compromise … Continue reading Watching yOUr Permissions
Time is never on your side when you’re onsite with a client and trying to get the first good foothold, with admin privileges, can seem impossible. However, some things seem to work more often than others. One of my current, favorite methods… Continue reading Ever Run a Relay? Why SMB Relays Should Be On Your Mind