Hacking a Corporation From the Inside: Internal Penetration Tests

This is one part of a two-part series; maybe take a look at Hacking a Corporation From the Outside: External Penetration Tests too!

Introduction

Occasionally I get asked by clients how I approach the technical aspects of a Penetration Test: you know, what are all those little black boxes with green text that I’ve got open on my screen? Also, when I’m talking to new testers and people interested in becoming a penetration tester, they understand tool use and they often understand the specifics of vulnerabilities, but don’t necessarily know how it all goes together.

Additionally, GracefulSecurity.com is filled with information on Infrastructure security, but there’s no guide about how it all fits together! So I plan here to write up a step-by-step example of how I go from plugging in to a corporate network and end up leaving that day as a Domain Administrator.

Continue reading: Hacking a Corporation From the Inside: Internal Penetration Tests

Book Review: Red Team Field Manual

Title: Red Team Field Manual
Author: Ben Clark

TL;DR:
In short, a book I recommend for those times you’re caught on a Penetration Test without Internet access and you just can’t quite remember valid syntax for the tar command!
You won’t learn anything new, as the book offers little in the way of explanation for anything and is most certainly just a lengthy, bound cheat sheet – but it’s cheap, packed full, and serves its specific purpose well.

Continue reading: Book Review: Red Team Field Manual

Introduction to Content Security Policy

Content Security Policy (CSP) is a built-in protection mechanism in web browsers that allows you to specify trusted sources for content such as JavaScript and allows you to block inline includes. It can effectively stop attacks such as Cross-site Scripting and Clickjacking.

The settings are configured server side and given to the web browser via a server response header, the “Content-Security-Policy” header. Here’s a simple example of one of these headers:

Content-Security-Policy: script-src 'self'; object-src 'self'

Continue reading: Introduction to Content Security Policy

SQL Injection Filter Evasion with sqlmap

Whenever I find a SQL injection vulnerability I always throw sqlmap at the injection point. It’s a simple, easy-to-use tool that will not only prove the vulnerability but allow you to extract data, gain command execution, and generally push further on with your penetration test. If I come across a filter or a web application firewall then I’ll habitually break out Burp Suite and start working on filter evasion manually; however, there’s often a simpler way.

Continue reading: SQL Injection Filter Evasion with sqlmap