by Ric | Sep 6, 2020 | Blog, Cloud, Herramientas / tools
Beau recomienda no re-utilizar infraestructura y la única manera de lograr esto es con cloud ja. Hay un linea donde OPSEC es suficientemente buena pero sin exagerar, por ejemplo, no tienes que pagar cosas con bitcoin para evitar ser rastreado por el FBI ja. Tienes que...
by Ric | Aug 26, 2020 | Blog, Cloud
Scanning in the cloud Es rápido pero es muy obvio en caso de red teaming Scoutsuite (puedes usar cloudgout como prueba) WeirdAAL Privesc scanner PrivEsc Scanner de PACU Azure StormSpotter SkyArk Port Scanning Cloud VMs can still have vulnerabilities anc can be an...
by Ric | Aug 25, 2020 | Blog, Cloud
Gaining Access review Que tienen la organización la nube? Que método tienen hybrid? All cloud? Solo para unas resources Situational Awareness Una cez adentro, que credenciales tienes? Que roles? Hay MFA? A que sistemas podemos acceder? Quienes son los admins? Como...
by Ric | Jul 1, 2020 | AWS tools, Blog, Cloud, Herramientas / tools
FireProx Being able to hide or continually rotate the source IP address when making web calls can be difficult or expensive. A number of tools have existed for some time but they were either limited with the number of IP addresses, were expensive, or required...
by Ric | May 20, 2020 | Blog, Herramientas / tools
MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords, insider intel, network architecture information, etc.). It can be used as a non-administrative user to search their own email, or by...
by Ric | Mar 26, 2020 | Blog, Herramientas / tools
At its core, Inveigh is a .NET packet sniffer that listens for and responds to LLMNR/mDNS/NBNS/DNS requests while also capturing incoming NTLMv1/NTLMv2 authentication attempts over the Windows SMB service. The primary advantage of this packet sniffing method on...