This is an update to an older post that can be found here.  Since createProxy's initial release, we've received some great feedback and, as a result, we made some improvements.   There were several shortcomings with the previous version, all of which rested on the use of ProxyChains.  ProxyChains is old, outdated, and failed to […]

During the post exploitation phase of a penetration test, I like to provide the client with examples of what could happen if a breach were to take place.  One of the most common examples of this is credit card theft. To demonstrate this threat, I created a PowerShell memory scraper against whatever application (many times […]

One of the most frequent questions I get from my CircleCityCon/DerbyCon Active Directory talk goes something like "You recommend that we delegate permissions in AD (as opposed to just dropping everything in Domain Admins), but I just inherited this domain and have no idea what delegation is. Help?" Well good news: 1) Delegation in AD isn't […]

Recently I was on an engagement where I received a meterpreter shell only to have it die within minutes before I could establish persistence. Talk about frustration! I've never had the best of luck with Metasploit's s4u_persistence module. Just to make sure, I did a quick test. I established a shell over tcp/53 on my Windows 7 […]

[ UPDATE]  The tool has been re-written.  New details can be found here: http://www.shellntel.com/blog/2015/9/9/update-creating-your-own-private-botnet-for-scanning Often while scanning a network with nmap or other similar tools, at some point a NIDS or firewall will detect and block me.  This is irritating.  I wondered, what would happen if I could route my scans/attacks through a series of proxy […]

The shellntel team attended Circle City Con this year and participated in their second annual Capture The Flag tournament.  While there was many great things at the conference, this event held our attention for its majority as we spent the majority of our time solving the puzzles.  In the end, we ended up taking second […]

So you would like to automate your vulnerability management lifecycle?  Good luck.  But if you are motivated hopefully this little bit of powershell will help.  Here are the prereqs: - Must have powershell v3 - Must use Qualys for vulnerability scanning.  - For added functionality an additional cmdlet has been included to generate tickets with an […]

About six years ago, social engineering penetration tests became the norm for the A-Team.  In many of these tests, our team would attempt as many as 10-20 unique exploits against various applications and operating system functions.  This often included exploits against Flash, Java, Adobe Reader, MS Office and IE.  While one or two exploit attempts […]

In my many years of participating in CCDC, I keep running into the same problem.  If you've red teamed for one of these events, I'm sure you've probably encountered similar issues.  You've gotten a shell on a system, you've even installed a backdoor either through a bind listener, or through a reverse connection that calls back periodically. However, savvy […]