Showing Posts From

September 2015

Active Directory: Users in Nested Groups Reconnaissance

The article discusses a technique for efficiently discovering users in nested Active Directory groups using the LDAP_MATCHING_RULE_IN_CHAIN OID. New Metasploit commands were introduced to perform comprehensive Active Directory user and group reconnaissance, allowing identification of users in complex nested group structures. The method enables penetration testers to quickly identify users with administrative privileges across nested group hierarchies.

Mass HTTP Enumeration with Metasploit

A Metasploit module enables mass HTTP enumeration of web servers during penetration testing. The module efficiently extracts server headers, HTTP status codes, and page titles across large networks. It allows quick identification of interesting or anomalous hosts using Metasploit's database and multithreading capabilities.

Memory Allocation: How injecting into your own tools might help you compromise a Windows domain

ADEGrab is a memory injection tool designed to extract search results from Sysinternals' AD Explorer by directly accessing the application's memory. The tool allows penetration testers to copy search results from Active Directory exploration tools that do not natively support result export. It uses Windows API calls to read and manipulate memory within the AD Explorer process, enabling users to capture and save search results.

  • 25 Sep 2015

A Practical Guide to Cracking Password Hashes

This article provides a comprehensive guide to password hash cracking techniques using Hashcat. It demonstrates how rule-based attacks can efficiently generate password variations from wordlists, significantly improving password guessing success rates. By empirically testing and developing targeted rulesets, password crackers can dramatically increase the number of cracked hashes.

Mission mPOSsible

A security presentation examined the vulnerabilities of mobile Point-of-Sale (mPOS) devices used with mobile platforms. The study investigated potential risks to sensitive customer payment data in emerging payment technologies. Findings were presented at Syscan 2014 and Blackhat USA 2014 by Nils and Jon.