Tevora Threat Blog

Filter By

RTOps: Automating Redirector Deployment With Ansible

This blog will cover what redirectors are, why they are important for red teams, and how to automate their deployment with Ansible.

Read More
SecSmash: Leveraging Enterprise Tools

We are releasing the SecSmash tool we announced at BSIDES LV. SecSmash is a framework that allows you to turn centralized management,

Read More
Release the Kraken: Starting Your Password Cracking Journey

Password cracking is a crucial part of a pentest. It can either lead you to the promised land, or stop you dead in your tracks.

Read More
Lay of the Land with Bloodhound

When I came across the tool BloodHound, it quickly became one of the go-to tools in my arsenal.

Read More
Eternal Blues

As pentesters, our job is to demonstrate the risk of unpatched vulnerabilities to the business.

Read More
Skip Cracking Responder Hashes and Relay Them

Responder is a go-to tool for most pentesters. We use it quite often on pentests to quickly gain access to a client’s domain.

Read More
Cracking NTLMv1 Handshakes with Crack.sh

This post will show how to crack NTLMv1 handshakes with the crack.

Read More
Apache and Java Information Disclosures Lead to Shells

During a recent Red-Team engagement, we discovered a series of information disclosures on a site allowing our team to go from zero access to full compromise in a matter of hours.

Read More
Gaining Code Execution with Injection on Java args

Recently on a pentest, we encountered a web application that allowed us to control command line args sent to the ‘java’ binary on the underlying server.

Read More