Exchange 2013 or later fails to properly authenticate and validate certain requests, allowing a remote attacker with access to an Exchange mailbox to gain full Domain Administrative privileges.
Read more

Reporting might sound like an odd place to start a pentest. When most well-known pentesters say that reporting is one of the most important parts of the test, you tend to sit up and take notice.
Read more

I suggest putting these in your incoming mail filters to get alerts for possible ransom attacks. The recent spat of email-based bomb threats all contained wallet addresses.
Read more

In my never-ending quest to learn more about hacking in general, I’ve decided to take on a personal project and bone up on the skills required for penetration testing.
Read more

Here is a summary of some secure file sharing tips culled from Twitter thread over the weekend.
Read more

I was given the opportunity to run some tests against the wireless infrastructure at my office. The actual scenario is to deploy a rogue access point and start gathering intel on the organization. But I decided to take this a step further and do some pre-work to make a convincing rogue AP. What follows is my initial framework that I developed researching how to crack a WPA/WPA2 pre-shared key network. I’ll revisit this and improve on it as I gain more experience.
Read more

Here are some tips for unmasking a site hosted behind CloudFlare. YMMV as I have not yet tested these.
Read more

Here’s a list of security conferences and events within a few hours drive of Greenville, SC. I am amazed at the number of B-Sides in the area after living at least 6 hours away from EVERYTHING for so long.
Read more

The great Google purge continues with two minor steps forward.
Read more

November is Critical Infrastructure Security & Resilience Month – so what does that mean to you? To me – it means make a difference where you can.
Read more