pentesting – Page 4 – WindowsTechs.com

Devoops: Nomad with raw_exec enabled

Posted on December 16, 2019 by Unknown

“Nomad is a flexible container orchestration tool that enables an organization to easily deploy and manage any containerized or legacy application using a single, unified workflow. Nomad can run a diverse workload of Docker, non-containerized, micro… Continue reading Devoops: Nomad with raw_exec enabled→

Team Pentesting – The Unspoken Reality of Career Ethical Hacking

Posted on November 18, 2019 by thecybermentor

As a professional penetration tester, there’s one thing that rarely if ever gets discussed. Is it that the common image of a hacker, the lone wolf pounding away on a keyboard in a dark room only taking breaks for caffeine and cold pizza and, of … Continue reading Team Pentesting – The Unspoken Reality of Career Ethical Hacking→

A Briefcase Pentesting Rig For The Discerning Hacker

Posted on July 3, 2019 by Tom Nardi

In the movies, the most-high tech stuff is always built into a briefcase. It doesn’t whether whether it’s some spy gear or the command and control system for a orbiting weapons platform; when an ordinary-looking briefcase is opened up and there’s an LCD display in the top half, you know …read more

Continue reading A Briefcase Pentesting Rig For The Discerning Hacker→

AttackDefense Labs Platform – Paul’s Security Weekly #609

Posted on June 21, 2019 by Security Weekly Productions

We interview Vivek Ramachandran, who is the Founder & CEO of Pentester Academy. Pentester Academy, our AttackDefense Labs platform and other topics. Vivek will show a demo of their AttackDefense labs. We also have a free community security for your… Continue reading AttackDefense Labs Platform – Paul’s Security Weekly #609→

Computers are People Too

Posted on June 21, 2019 by Eric Kuehn

There are those rare times during pen tests, when you are on a client’s network and you don’t have any valid domain credentials but you do have local admin on a windows device joined to the client’s domain. Perhaps you’ve … Continue reading Computers are People Too→

Jenkins – CVE-2018-1000600 PoC

Posted on March 5, 2019 by CG

second exploit from the blog posthttps://blog.orange.tw/2019/01/hacking-jenkins-part-1-play-with-dynamic-routing.htmlChained with CVE-2018-1000600 to a Pre-auth Fully-responded SSRFhttps://jenkins.io/security/advisory/2018-06-25/#SECURITY-915This affec… Continue reading Jenkins – CVE-2018-1000600 PoC→

Android App Testing on Chromebooks

Posted on February 28, 2019 by Eric Kuehn

Part of testing Android mobile applications is proxying traffic, just like other web applications. However, since Android Nougat (back in 2016), user or admin-added CAs are no longer trusted for secure connections. Unless the application wa… Continue reading Android App Testing on Chromebooks→

Jenkins Master Post

Posted on February 27, 2019 by CG

A collection of posts on attacking Jenkinshttp://www.labofapenetrationtester.com/2014/08/script-execution-and-privilege-esc-jenkins.htmlManipulating build steps to get RCEhttps://medium.com/@uranium238/shodan-jenkins-to-get-rces-on-servers-6b6ec7c960e2… Continue reading Jenkins Master Post→

Jenkins – messing with exploits pt2 – CVE-2019-1003000

Posted on February 27, 2019 by CG

After the release of Orange Tsai’s exploit for Jenkins. I’ve been doing some poking. PreAuth RCE against Jenkins is something everyone wants.
While not totally related to the blog post and tweet the following exploit came up while searching.
What I hav… Continue reading Jenkins – messing with exploits pt2 – CVE-2019-1003000→

Jenkins – messing with new exploits pt1

Posted on February 26, 2019 by CG

Jenkins notes for:https://blog.orange.tw/2019/01/hacking-jenkins-part-1-play-with-dynamic-routing.htmlhttp://blog.orange.tw/2019/02/abusing-meta-programming-for-unauthenticated-rce.htmlto download old jenkins WAR fileshttp://updates.jenkins-ci.org/down… Continue reading Jenkins – messing with new exploits pt1→