by admin | Apr 9, 2015 | Uncategorized
Another tool that is part of the Powersploit toolkit mentioned earlier is Get-GPPPassword. One way to add a user (or change a password) for many users in a domain is through Group Policy Preferences (GPP). This essentially adds a GPO to the domain with a username and...
by admin | Apr 3, 2015 | Uncategorized
Sometimes during testing, you need to send custom created packets. This is just a short post for two tools that I recommend: Colasoft The Colasoft Packet Builder is a neat GUI tool for Windows that makes packet replay easy. You can create customized IP packets, or...
by admin | Mar 19, 2015 | Uncategorized
I am a big fan of using meterpreter as a post compromise payload. It has so many tools that makes all the next steps so much easier. The problem is, every antivirus out there will catch meterpreter. Metasploit comes with a handy obfuscator, but even that always...
by admin | Mar 12, 2015 | Uncategorized
The powershell execution policy can be limiting. Find out what yours is by entering powershell and typing Get-ExecutionPolicy: If the policy is set to Restricted, that means scripts are not allowed. Only the interactive shell is allowed. The obvious thing to do is...
by admin | Mar 5, 2015 | Uncategorized
Powershell has recently come into the spotlight as more than just a sysadmin tool, but a great cyber security tool. This was emphasized by many of the popular hacker cons this last year. One incredibly useful tool is Powersploit. It is a set of powershell scripts...
by admin | Oct 1, 2014 | Uncategorized
Shellshock is a vulnerability reminiscent of Heartbleed. The large majority of servers on the internet are vulnerable, and the vulnerability has existed for a long time before it was publicly discovered. There are a number of CVE’s for different Shellshock attacks,...
