The GNU Radio Foundation recently teamed up with the UC Berkeley SETI Research Center and the Breakthrough Listen project to sponsor the SETI RF Hackathon, an unprecedented wireless hackathon event. Encompassing the ultimate in Internet-of-Things (IoT) and signals hacking, professionals specializing in machine learning, radio frequency (RF), and cyber security converged at the Allen Telescope Array in California in May…. Read More
Tag: penetration testing
The Beginner’s Guide to External Penetration Testing Reconnaissance
External penetration testing reconnaissance is a critical first step in a professional security assessment. By using the same methods and resources that attackers use to get into networks, along with open source intelligence, pen testers can get a much richer profile of an organization’s security strengths and weaknesses and conduct more successful and accurate assessments. In… Read More
[Video] View the PowerPoint Mouseover Phishing Technique in Action
In this post, we’ll take a look at one of the latest hacking techniques involving PowerPoint and the mouseover action. Check out our demo video to see the technique in action. The PowerPoint mouseover technique disrupts a decade’s worth of user awareness education. As security professionals, we constantly warn employees to be aware of phishing emails with malicious links… Read More
How Our Pen Testers Get Through Your Mail Appliances
For the final blog post in our series on lessons learned from 2016 security assessments, we’ll discuss a high-risk issue our penetration testers and consultants often come across: filtering malicious emails. In our assessments, sending phishing emails with malicious payloads or links is the most common method we use to get initial access to a network…. Read More
Inside Kerberoasting: Cracking Weak Network Service Account Passwords
In our previous blog posts, we demonstrated how important it is for penetration testers to get credentials that grant administrative access over hosts within the organization to escalate their permissions. This week, we will discuss a relatively recent privilege escalation technique known as Kerberoasting, which pen testers and malicious hackers can use to crack weak network service account… Read More
Navigating Clear Text Password Vulnerabilities
Accessing Clear Text Administrative Passwords
In our last blog post, we showed how pen testers can use misconfigurations within Active Directory group management to escalate privileges. However, that technique is heavily dependent on having access to privileged or misconfigured accounts in the first place. This week, we discuss another finding that we frequently take advantage of… Read More