[ Pen Testing ] :: Step by Step: Post-Exploitation

Glenn Norman

This is post 6 of 20 in the series “[ Pen Testing ]”

Post-Exploitation

Now we’re in, and it’s time to expand our powers.

Post-Exploitation in Windows

CrackMapExec is our most excellent friend here. It’s a Windows/Active Directory exploration/exploitation tool that lets us walk their domain and machines and do whatever we damn well wanna. …

[ Pen Testing ] :: Step by Step: Exploitation

exploit-db

This is post 5 of 20 in the series “[ Pen Testing ]”

Exploitation

BOF (buffer overflow) Exploits

Buffer overflows are pretty technical, but eventually you’ll find yourself using them. In most cases you’ll copy or create code and encode it into a shellcode exploit. Review and correct the initial pre for configurable variables. Pay …

[ Pen Testing ] :: Step by Step: Enumeration

Security Exploits

This is post 4 of 20 in the series “[ Pen Testing ]”

Enumeration

Okay, by now you’ve spent hours, days or weeks stealthily footprinting your scope. Since this is pen testing, you’ve been mighty careful not to exceed your scope, right? So let’s talk tools and techniques. See https://security.stackexchange.com/questions/168247/reduce-noise-when-penetration-testing for an extensive list of …

[ Pen Testing ] :: Step by Step: Prepping a Fresh Kali Install for Action

Lurking Hacker

This is post 2 of 20 in the series “[ Pen Testing ]”

Initial Tasks for a New Kali Install

# Run these commands to make sure your Kali box is
# truly up-to-date:
apt-get update
apt-get upgrade
apt-get upgrade --fix-missing
apt-get dist-upgrade
# You WILL need git:
apt-get install git
# Edit /root/.bash_aliases, for …