Hi friends, in this edition of what I'm working on this week: 3 pulse-pounding pentests that had...problems Something I'm calling the unshadow/reshadow credentials attack Heads-up on a new video experiment I'm going to try next week

 Hola friends! Today's tale of pentest pwnage talks about abusing Exchange and the Azure ADSync account! Links to the discussed things: adconnectdump - for all your ADSync account dumping needs! Adam Chester PowerShell script to dump MSOL service account dacledit.py (part of Impacket) to give myself full write privileges on the MSOL sync account: dacledit.py -action 'write' -rights 'FullControl' -principal lowpriv -target MSOL-SYNC-ACCOUNT -dc-ip [...]

 Hey friends, our good buddy Joe "The Machine" Skeen and I are back this week with part 2 (check out part 1!) tackling GOAD SCCM again!  Spoiler alert: this time we get DA!  YAY! Definitely check out these handy SCCM resources to help you - whether it be in the lab or IRL (in real life): GOAD SCCM walkthrough MisconfigurationManager - tremendous resource for [...]

Today we have a smattering of miscellaneous pentest tips to help you pwn all the stuff! Selective Snaffling with Snaffler The importance of having plenty of dropbox disk space - for redundant remote connectivity and PXE abuse! TGTs can be fun for SMB riffling, targeted Snaffling, netexec-ing and Evil-WinRMing!

Today we live-hack an SCCM server via GOAD SCCM using some attack guidance from Misconfiguration Manager!  Attacks include: Unauthenticated PXE attack PXE (with password) attack Relaying the machine account of the MECM box over to the SQL server to get local admin

Hi friends, today we're talking about pentesting potatoes (not really, but this episode is sort of a homage to episode 333 where I went to Boise to do a controls assessment and ended up doing an impromptu physical pentest and social engineer exercise).  I talk about what a blast I'm having hunting APTs in XINTRA LABS, and two cool tools I'm building with the help [...]