Collaborate Disseminate
Over 27% of all websites globally run WordPress. This makes WordPress a very highly targeted piece of software. There are numbers of different aspects to consider when attempting to discover vulnerabilities in WordPress. In this episode of Tradecraft S… Continue reading WordPress Vulnerability Discovery and Exploitation – Tradecraft Security Weekly #6
Compromising the credentials of users in an Active Directory environment can assist in providing new possibilities for pivoting around the network. It allows for additional access to various network resources like shares, email and other systems. In this week’s episode of Tradecraft Security Weekly Beau Bullock (@dafthack) discusses how to perform password spraying attacks using Continue reading Password Spraying Windows Active Directory Accounts – Tradecraft Security Weekly #5
It is common for organizations to proxy web traffic so they can place restrictions on what websites can be visited by employees. To make the management of allowing or denying access to a large number of sites easier many web proxies utilize categorizat… Continue reading Meterpreter with Categorized Domains & Trusted Certs – Tradecraft Security Weekly #4
Microsoft Exchange and Office365 are extremely popular products that organizations use for enterprise email. These services can be exploited by remote attackers to potentially gain access to Active Directory user credentials. In this Tradecraft Securit… Continue reading Attacking Exchange/OWA to Gain Access to AD Accounts – Tradecraft Security Weekly #3
In episode 2 of Tradecraft Security Weekly Beau Bullock (@dafthack) discusses Windows privilege escalation techniques. There are many reasons why normal employees should not be local administrators of their own systems. Network administrators tend to l… Continue reading Windows Privilege Escalation Techniques (Local) – Tradecraft Security Weekly #2