Category: Penetration Testing

Search
senior leaders managing red team exercise

How Senior Leaders Navigate the World of Red Team Exercises

Cybersecurity threats have become increasingly sophisticated and pervasive. As a senior leader, it is crucial to ensure that your organization has robust defenses in place to protect its sensitive data and systems from potential breaches. One powerful way to assess the effectiveness of these security measures is by regularly conducting

Read More

Hunting for Open S3 Buckets and Sensitive Data

Mitre ATT&CK Technique ID Data from Cloud Storage Object T1530 Buckets? S3, first introduced in 2006, is one of Amazon Web Services’ most popular services. This simple and fast cloud object solution has undoubtedly made development, file sharing, content-delivery, and much more seamless for its users across the years. However,

Read More

First Steps After Compromise: Enumerating Active Directory

Mitre ATT&CK Technique ID Account Discovery: Domain Account T1087.002 Active Directory is a platform that has received plenty of attention from adversaries and operators over the years. It has a rich history of exploitation methodologies, and new abuse mechanisms regularly released by security researchers. Combine these factors with its prevalence

Read More

Finding Leaked Passwords with Dehashed

Password Breach Data Mitre ATT&CK Technique ID Brute Force: Credential Stuffing T1110.004 Every year countless data breaches occur. From 700 Million LinkedIn users’ information getting leaked sometime between 2020 and 2021 to at least 500 million Yahoo accounts information being breached in 2014, to the notable 2017 Equifax data breach, which

Read More

What is Password Spraying and How Does It Work?

Password Spraying Mitre ATT&CK Technique ID Brute Force: Password Spraying T1110.003 Password spraying is the process of brute-force guessing passwords against a list of accounts, either externally or internally. Adversaries use this tactic to attempt to establish initial access within an organization and/or laterally move to alternate identities within a network.

Read More

Kerberoasting 101: Hacking Service Accounts

Kerberoasting Mitre ATT&CK Technique ID Steal or Forge Kerberos Tickets: Kerberoasting T1558.003 What is it? Kerberoasting is the attack that keeps on giving for adversaries and penesters alike. First documented in 2014 by Tim Medin, Kerberoasting is a tactic that can be used after an initial compromise to gain access to

Read More

How Do “Pass-the-Hash” Attacks Work?

Pass the Hash Mitre ATT&CK Technique ID Use Alternate Authentication Material: Pass the Hash T1550.002 What is it? Passing the hash is a technique that adversaries commonly use within an internal network environment to laterally move across hosts. Let’s say that an adversary has compromised an initial host through a phishing

Read More

How to Compromise AWS Using the Metadata Service

Mitre ATT&CK Technique ID Unsecured Credentials: Cloud Instance Metadata API T1552.005   The AWS Metadata service facilitates information access for applications running on a given EC2 instance. This is provided to aid the configuration and management of tooling and is accessible only by the instance itself. Per Amazon: Since it first

Read More
Scout Suite Blog

How to Use ScoutSuite for AWS Security Baselining

ScoutSuite Introduction ScoutSuite is a multi-cloud security auditing tool written by the wonderful folks over at NCC group. We use it heavily here at Renegade Labs, so I wanted to write a quick guide on getting it configured and running it in your own environment. The data and reports it

Read More