Threat Blog

Filter By

Blind Command Injection Testing with Burp Collaborator

In this post we will demonstrate how Burp Collaborator can be leveraged for detecting and exploiting blind command injection vulnerabilities.

Read More
Aggressor PowerView

Tevora employs a lot of different tools depending on what our need is. During penetration tests and red teams one of the most common that is used i

Read More
5 Minute Forensics: Decoding PowerShell Payloads

Through consulting with several of our clients during IR engagements, we have discovered that several clients are taking steps to restrict and log PowerShell in their environment.

Read More
RTOps: Automating Redirector Deployment With Ansible

This blog will cover what redirectors are, why they are important for red teams, and how to automate their deployment with Ansible.

Read More
SecSmash: Leveraging Enterprise Tools for command execution, lateral movement and C2

We are releasing the SecSmash tool we announced at BSIDES LV. SecSmash is a framework that allows you to turn centralized management,

Read More
Release the Kraken: Starting Your Password Cracking Journey

Password cracking is a crucial part of a pentest. It can either lead you to the promised land, or stop you dead in your tracks.

Read More
Lay of the Land with Bloodhound

When I came across the tool BloodHound, it quickly became one of the go-to tools in my arsenal.

Read More
Eternal Blues

As pentesters, our job is to demonstrate the risk of unpatched vulnerabilities to the business.

Read More
Skip Cracking Responder Hashes and Relay Them

Responder is a go-to tool for most pentesters. We use it quite often on pentests to quickly gain access to a client’s domain.

Read More