Stay up to date on the latest tech trends, IT news, and cybersecurity threats with our educational blog.


The Number One Pentesting Tool You're Not Using

View fullsize TL;DR: Reporting sucks, rarely does anyone enjoy it. Serpico is a tool that helps with reporting and makes it suck less through collaboration and automation, saving you time that you’d rather spend pentesting. Serpico is easy to install and works out of the box, yet highly customizable. Automating AND customizing your reports has […]

Learn More
Invoke-SMBAutoBrute.ps1 - Smart SMB Brute Forcing

Intro One of my favorite post-ex metasploit modules is smb_login. It's great for running a quick test using credentials you've discovered. One of the problems with it is that there is nothing that prevents you from locking out accounts. Plus, you have to create user list which means dumping users | cut | sed | […]

Learn More
Weaponizing Nessus

Once in a blue moon we come across a client that has truly done security right (or at least, tried really hard to do so). All the low hanging fruit has been trimmed: Responder doesn't work, no passwords in GPP, all systems patched up to date, no Spring2016 passwords, etc. As frustrating as this is […]

Learn More
Update to ProxyCannon

ProxyCannon, which can be found here, has undergone some revisions since our initial release and as a result, there's some new features we'd like to introduce. Cleaner User Interface. We've cleaned up the number of arguments required to run the app from 6 to 3.  Now you only need to specify the AMI KEY, AMI ID, […]

Learn More
VPN over DNS

Overview For some time now, we've been using DNSCat as a means to covertly transmit data during engagements where clients IDS's or Firewalls might otherwise block us.  The DNS protocol is often overlooked by system's administrators and as a result this tool has been immensely useful. And while there are a other DNS tunneling solutions […]

Learn More
Websocket based egress buster

Problem It is common during a penetration test that a tester may run into the problem of figuring out which ports and maybe even which protocols are allowed out of an environment.  This is due to the need for a payload to successfully establish command and control.  With the adoption of layer 7 inspection for […]

Learn More

Learn something new every day and safeguard your digital assets with SynerComm.

Our blog is just the beginning. We can’t wait to meet your team, pinpoint your IT and security needs, and get started on your custom solution.
linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram