Happy Friday. Today's vulnerable box was not particularly difficult to set up, but I like the exploit. I am also using this particular box on the final exam for my network security students over the next few weeks, so part of me wants to see if they stumble across the tutorial. Full disclosure: I've never encountered Rejetto's HTTP File Server on a penetration test. I ... READ MORE
Building a Vulnerable Box – Elastix
This spring, I had the opportunity to teach Network Security at a local university. As one would expect, I chose to teach the course from the perspective of a pentester. One of the challenges I've faced is setting up vulnerable systems for my students to attack. We've also started using the boxes internally to training new hires and test certain exploits and techniques (the ... READ MORE
Physical Recon TTPs – Urban Environment
The importance of onsite recon is too often overlooked when discussing physical penetration tests. Map analysis and OSINT are both essential to building cover stories and understanding your targets. And of course, the actual act of breaking-in yields the best stories. Onsite recon, however, bridges the gap between the two and should never be rushed or ignored. Different sites ... READ MORE