Going to DEF CON was a dream I never thought...
Penetration Testing
Rotating Your Pentesting Vendor Is A Mistake!
Having sold and performed assessments and...
In Scope or Out of Scope?
#_SHELLNTEL In penetration testing, it’s...
Penetration Testing Myths, Truths, & Best Practices
SynerComm partnered with ChannelBytes to present...
SynerComm Reboots a Security Staple with ‘Continuous’ Pentesting
Participating in Black Hat USA 2020, we sat down...
Building a Pwnagotchi
What is a Pwnagotchi? From the Website:...
Continuous Penetration Testing
“So, let’s say we fix all of the...
Stop Sharing Your Password with Everyone
Insert under image - Palo Alto Networks...
AWS Metadata Endpoint – How to Not Get Pwned like Capital One
One of the greatest yet unknown dangers that...
Lessons Learned from Pentesting – What Should Keep You Up At Night
Coming from someone who can officially say that...
Why 14 Characters?
Background While experts have agreed for decades...
How to build a (2nd) 8 GPU password cracker
Why? … Stop asking questions! Background...
DA 101 – Protecting your Domain Admin Account
At SynerComm's Fall IT Summit 2018 we presented...
OpenSSH < 7.7 - Username Enumeration Exploit
On August 15th, 2018 a vulnerability was posted...
Thoughts on Blocking Powershell.exe
This post is inspired by a twitter debate I...
How to build a 8 GPU password cracker
TL;DR This build doesn't require any "black...
The Upside Down – Ventures into the 5GHZ Spectrum
In the hit Netflix series 'Stranger Things', the...
spin-up: Quickly Launch a Provisioned EC2 Attack Server
When on an engagement, sometimes we'll encounter...
Luckystrike: An Evil Office Document Generator.
DerbyCon Tool Drop 2.0 Talk here. Luckystrike...
The Number One Pentesting Tool You’re Not Using
TL;DR: Reporting sucks, rarely does anyone enjoy...
Invoke-SMBAutoBrute.ps1 – Smart SMB Brute Forcing
Intro One of my favorite post-ex metasploit...
Weaponizing Nessus
Once in a blue moon we come across a client that...
Update to ProxyCannon
ProxyCannon, which can be found here, has...
VPN over DNS
Overview For some time now, we've been using...
Websocket Based Egress Buster
Problem It is common during a penetration test...
Abusing Exchange Web Service – Part 1
Outlook Web Access (OWA) has been one of the...
Why Security Awareness Training Fails
First, let's talk about what "failure" is and is...
Assisted directory brute forcing
Very frequently during a web application...
crEAP – Harvesting Users on Enterprise Wireless Networks
With the demands of a mobile workforce, wireless...
[UPDATE] Creating your own private botnet for scanning.
This is an update to an older post that can be...
PowerShell Memory Scraping for Credit Cards
During the post exploitation phase of a...
Using PowerShell & Unicorn to Get Persistence
Recently I was on an engagement where I received...
Creating your own private botnet for scanning.
[ UPDATE] The tool has been re-written. New...
Circle City Con: 2015 CTF Writeup
The shellntel team attended Circle City Con this...
Validating the Effectiveness of Your Controls
About six years ago, social engineering...
Dragon: A Windows, non-binding, passive download / exec backdoor
In my many years of participating in CCDC, I...