Stay up to date on the latest tech trends, IT news, and cybersecurity threats with our educational blog.

VPN over DNS

Overview For some time now, we've been using DNSCat as a means to covertly transmit data during engagements where clients IDS's or Firewalls might otherwise block us.  The DNS protocol is often overlooked by system's administrators and as a result this tool has been immensely useful. And while there are a other DNS tunneling solutions […]

Learn More
Websocket Based Egress Buster

Problem It is common during a penetration test that a tester may run into the problem of figuring out which ports and maybe even which protocols are allowed out of an environment. This is due to the need for a payload to successfully establish command and control. With the adoption of layer 7 inspection for […]

Learn More
Abusing Exchange Web Service - Part 1

Outlook Web Access (OWA) has been one of the consistently viable attack vectors for pentesters and bad guys alike for many years. Frequently, an attacker will obtain valid credentials by brute forcing OWA portals exposed to the internet. Once credentials are obtained an attacker can then access the target network via any other single factor […]

Learn More
Why Security Awareness Training Fails

First, let's talk about what "failure" is and is not in the context of Security Awareness Training (SAT). Failure is not when a company gets breached due to social engineering. Wait, what?? All the outstanding training in the world does not guarantee that an individual will follow it when the moment of testing occurs. Soldiers are trained […]

Learn More
Assisted directory brute forcing

Very frequently during a web application assessment a pentester may begin by fingerprinting what web frameworks and libraries are used by a given application.  Possibly by running a tool such as blindelephant or whatweb.  Commonly though the tester may just notice a unique identifier in the web traffic or URL.  Consider the following: So simply […]

Learn More
crEAP - Harvesting Users on Enterprise Wireless Networks

With the demands of a mobile workforce, wireless networks in enterprise environments are quite common.  Typically, enterprise wireless networks employ WPA-Enterprise security features, which removes the need for preshared keys (WPA2-PSK) that float around between employees creating security concerns of sharing or unauthorized access upon termination, etc. These WPA-Enterprise (802.1x) wireless networks often make use of […]

Learn More

Learn something new every day and safeguard your digital assets with SynerComm.

Our blog is just the beginning. We can’t wait to meet your team, pinpoint your IT and security needs, and get started on your custom solution.
linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram