Before diving into a new tool or technique, it’s important to understand the underlying technology. In this post we explain the basic principles of Command and Control traffic. Following posts will apply these principles with examples from PowerShell Empire.
Having visibility and control over your penetration testing lab environment is a key component in its effectiveness as a training and research tool. To provide this to our customers, we recently rolled out a lab dashboard application with deep hooks into the underlying AWS infrastructure of our lab environments.
Sharing passwords across privileged accounts is a problem faced by many organizations. We developed a tool to help address the issue that identifies shared passwords between lexically similar accounts: Invoke-PWAudit.
We explore some different data sources and methods for OSINT using entirely offline data. There are some interesting advantages (and disadvantages) of using offline OSINT…
While exploring some new OSINT data sources and techniques, we realized we had an easy way to identify an enormous number of domains that were vulnerable to takeover attacks.
Beef up the realism in your lab environment with simulated users. Invoke-UserSimulator mimicks active users in a corporate environment browsing the internet, mapping file shares, and opening email.
We recently worked with the Drexel's cyber security club in preparation for this years CCDC. They were able to test their strategy and practice in our lab, and we got some awesome feedback.
We’re proud to announce our brand new penetration testing lab offerings. Here’s what we’re all about.