Exploit types

  • Phishing, SQL, Brute Force DDOS

Teaming

  • Red teams, blue teams, purple teams

k 

 

Pen testing tools

open source, enterprise, or an arsenal

Vulnerability scanning

 

Pen testing services

 

Pen Test Pivoting

If testing your antivirus program or other applications sounds silly, then consider this your wake-up call.

Just because you’ve bought something to protect your services, doesn’t mean it’s a surefire way to protect your data. System applications, embedded applications, games and more are not invincible either. It’s safe to assume that the protection services you have in place have loopholes that bad actors know about and are just one step away from obtaining data.

We are pleased to announce the official release of Core Impact Pro 2016 R1.2. More than 46 updates have been added thus far, and are available through the regular update channel for all Core Impact customers who have upgraded to the latest version. The team has been working on several privilege escalations, a number of remote exploits for widely deployed software, and numerous enhancements.

Here’s the scenario: You’ve compromised a system but it hasn’t been logged into recently by an administrator, so you’re quite disappointed by your Mimikatz results. You’ve got local system credentials but nothing that’s on the domain except the machine account. Your mission: do something with the system that will attract the attention of someone with administrator credentials and make them log into the system WITHOUT setting off enough alarm bells to trigger a full blown incident response.

What if I told you that in most networks these days, you don’t have to bother with cracking the passwords? With most networks with Active Directory, you can use the stored hash obtained via Mimikatz or a WPAD attack to authenticate. How, you may ask? It’s because of the wondrous bit of mis-engineering that is the Windows NT Login Challenge and Response. I’m going to dive into this a bit, so that we understand just what it is that we’re exploiting.

Are you using penetration testing in your cyber-security tool kit? Why not?! Penetration testing, or pen-testing, is one of the most important tools to not only find the holes in your network but to prioritize them for remediation. Keep reading for the 10 reasons you should be pen-testing.

Dropped USB flash drives are still effective means for getting into networks. The goal of this post is to give you a bit of a hands on lab and show you some tricks for actually conducting USB drop attacks, including how to prepare the payload using Core Impact.

USB drop attacks are a bit of a performance art form. You need to build an enticing story that’ll make the discoverers of the drop, whom I will refer to as ‘The Marks’, curious enough to override common sense and plug in the stick to figure out what’s on it.

 In the past, penetration testing was a fancy name for breaking through a network firewall. However, as technology advances and breaches become even more dangerous – costing an average of £2.53 million, according to research sponsored by IBM – security executives need to revisit pen testing to make sure it is an ongoing practice in their defense arsenals.

5 Security Tips

It is that special time of the year, Black Hat, when all of our friends are gathered together in Vegas to see just what hacks, exploits, tips and tricks there are for us to be concerned about. As a cyber-security specialist, it’s the most wonderful time of the year. However, for consumers and business owners, it is the reminder that what you thought was safely tucked away is actually only a moment away from being breached. On the heels of the Democratic Party’s email breach and the proliferation of hacking in mainstream media with Mr.

We are pleased to announce the official release of Core Impact Pro 2016 R1.1. More than 83 updates have been added thus far, and are available through the regular update channel for all Core Impact customers who have upgraded to the latest version. The team has been working on several privilege escalations, a number of remote exploits for widely deployed software, and numerous enhancements. This release includes:

Subscribe to Penetration Testing