HTML5 Storage Exfil via XSS – Tradecraft Security Weekly #23

It is fairly common for pentesters to discover Cross-Site Scripting (XSS) vulnerabilities on web application assessments. Exploiting these issues potentially allows access to a user’s session tokens, enabling attackers to navigate a site as the vic…

Attacking Exchange/OWA to Gain Access to AD Accounts – Tradecraft Security Weekly #3

Microsoft Exchange and Office365 are extremely popular products that organizations use for enterprise email. These services can be exploited by remote attackers to potentially gain access to Active Directory user credentials. In this Tradecraft Securit…

Windows Privilege Escalation Techniques (Local) – Tradecraft Security Weekly #2

In episode 2 of Tradecraft Security Weekly, Beau Bullock (@dafthack) discusses Windows privilege escalation techniques. There are many reasons why normal employees should not be local administrators of their own systems. Network administrators tend to l…