Penetration Testing

Hunting for Open S3 Buckets and Sensitive Data

Mitre ATT&CK Technique ID Data from Cloud Storage Object T1530 Buckets? S3, first introduced in 2006, is one of Amazon Web Services' most popular services. This simple and fast cloud [...]

By Asher Andree|2022-11-03T14:13:25+00:00October 24th, 2022|Penetration Testing|0 Comments

First Steps After Compromise: Enumerating Active Directory

Mitre ATT&CK Technique ID Account Discovery: Domain Account T1087.002 Active Directory is a platform that has received plenty of attention from adversaries and operators over the years. It has a [...]

By Asher Andree|2022-12-05T20:46:53+00:00October 21st, 2022|Penetration Testing|0 Comments

Finding Leaked Passwords with Dehashed

Password Breach Data Mitre ATT&CK Technique ID Brute Force: Credential Stuffing T1110.004 Every year countless data breaches occur. From 700 Million LinkedIn users' information getting leaked sometime between 2020 and 2021 [...]

By Asher Andree|2022-12-05T20:46:49+00:00October 14th, 2022|Penetration Testing|0 Comments

What is Password Spraying and How Does It Work?

Password Spraying Mitre ATT&CK Technique ID Brute Force: Password Spraying T1110.003 Password spraying is the process of brute-force guessing passwords against a list of accounts, either externally or internally. Adversaries use [...]

By Asher Andree|2022-11-03T14:13:17+00:00October 12th, 2022|Penetration Testing|0 Comments

Kerberoasting 101: Hacking Service Accounts

Kerberoasting Mitre ATT&CK Technique ID Steal or Forge Kerberos Tickets: Kerberoasting T1558.003 What is it? Kerberoasting is the attack that keeps on giving for adversaries and penesters alike. First documented in [...]

By Asher Andree|2022-11-03T14:13:15+00:00October 10th, 2022|Penetration Testing|0 Comments

How Do “Pass-the-Hash” Attacks Work?

Pass the Hash Mitre ATT&CK Technique ID Use Alternate Authentication Material: Pass the Hash T1550.002 What is it? Passing the hash is a technique that adversaries commonly use within an internal [...]

By Asher Andree|2022-11-03T14:13:13+00:00October 5th, 2022|Penetration Testing|0 Comments

How to Compromise AWS Using the Metadata Service

Mitre ATT&CK Technique ID Unsecured Credentials: Cloud Instance Metadata API T1552.005 The AWS Metadata service facilitates information access for applications running on a given EC2 instance. This is provided to [...]

By Asher Andree|2022-11-03T14:13:06+00:00September 28th, 2022|Penetration Testing|0 Comments

How to Use ScoutSuite for AWS Security Baselining

ScoutSuite Introduction ScoutSuite is a multi-cloud security auditing tool written by the wonderful folks over at NCC group. We use it heavily here at Renegade Labs, so I wanted to [...]

By Asher Andree|2022-11-03T14:13:04+00:00September 27th, 2022|Penetration Testing|0 Comments

API Hacking: Exploring Web Vulnerabilities Under the Hood

In modern web applications, almost all functionality offered to users is handled by an Application Programming Interface or API for short. To help visualize how this works, think of a [...]

By Asher Andree|2022-11-03T14:13:01+00:00September 15th, 2022|Penetration Testing|0 Comments

Certification Experience: OSCP and PWKv2

Strategy recommendations, pitfalls to avoid, and why you should just write the lab report for crying out loud. There’s a reason why this certification has a reputation. The material covers [...]

By Ryan Basden|2020-11-02T17:20:53+00:00November 2nd, 2020|Penetration Testing|0 Comments

12 Next