Threat Blog

Filter By

Cracking NTLMv1 Handshakes with Crack.sh

This post will show how to crack NTLMv1 handshakes with the crack.

Read More
Apache and Java Information Disclosures Lead to Shells

During a recent Red-Team engagement, we discovered a series of information disclosures on a site allowing our team to go from zero access to full compromise in a matter of hours.

Read More
Gaining Code Execution with Injection on Java args

Recently on a pentest, we encountered a web application that allowed us to control command line args sent to the ‘java’ binary on the underlying server.

Read More
USB Drives, Desktop.ini, and NTLM hashes

USB dropping is one of those famous ‘hacker’ moves from the 2000’s that lives on in infamy.

Read More
A Valiant Effort at a Stealthy Backdoor

We will be discussing a technique that isn’t utilized too often anymore and has been around for many years, however appears to be forgotten.

Read More
Biscom Secure File Transfer Arbitrary File Download

Biscom Secure File Transfer is an application that gives the ability for companies to share files among users and focuses on being easy to use for the everyday user.

Read More
Penetration Testing with Splunk: Leveraging Splunk Admin Credentials to Own the Enterprise

Splunk has released an excellent blog post covering the best practices for deploying Splunk securely

Read More
Dissecting Veil-Evasion Powershell Payloads and Converting to a Bind Shell

There are many popular and powerful payloads available to us as penetration testers, and oftentimes we use them without fully understanding how they work.

Read More