If you found your way to this blog post, you are interested in penetration testing and want to know how to begin your career in the field. Whether you are a college student, already in the IT space, or work in an entirely different field, the first and best piece of advice is to just hit the ground running. There is a lot to learn but there are also so many great resources to ... READ MORE
CheapSk8ing: How to Shop Like A Hacker
Introduction There is an area in most websites where protections like the ones found on most login pages aren't present; the box where you type the promo/coupon code. An organization with a strong security posture for login pages will usually have several layers of defense-in-depth in place, such as the following: CAPTCHA challenges Rate limiting IP deny-listing ... READ MORE
Red Team Assessments vs Penetration Testing Assessments
At RSM, one of our goals is to help guide the client into choosing the right test for them. This isn’t always as simple as it sounds, as it takes into consideration factors such as goals or size of the network. One of the most common questions we receive are on the difference between a penetration assessment and a Red Team assessment. Many in the cybersecurity world also ... READ MORE
How to Perform OGNL Injection
While we frequently discuss SQL injection and command injection, OGNL injection receives a lot less attention. What is OGNL? OGNL stands for “Object Graph Navigation Language,” which is written through Java and is used in the Apache Struts2 framework for web applications. Struts2 was originally created to build “enterprise ready web applications” and was known for being able ... READ MORE
Back To Basics: NTLM Relay
Despite being a veteran protocol, New Technology Lan Manager (NTLM) remains one of the most common authentication protocols used in Windows environments. Even though Kerberos offers enhanced security features over NTLM, many systems and functions still depend on NTLM, making it impossible for most organizations to move away from it entirely. Unfortunately, there are a number ... READ MORE
Back to Basics: Brute Forcing Techniques
During an attack, a threat actor can often enumerate leverageable information through open-source intelligence (OSINT) gathering techniques. This can include information on users that are present on the target environment, such as usernames and email addresses. Often, a threat actor can use this information to craft a targeted list of users to facilitate a variety of attack ... READ MORE
2022 Attack Vectors Report
For many years, RSM has made a continuous effort to assist organizations in addressing cybersecurity challenges, provide tools to achieve a desired state of security, and deliver guidance for attack prevention. We perform security penetration testing to simulate attacks on internal networks and closely mimic security breaches within controlled environments. By conducting these ... READ MORE
Back to Basics: Kerberoasting
Welcome back to our "Back to Basics" series, where we provide you with an overview of the bread and butter pentesting techniques that we regularly see compromise networks. In this week's installment, we're looking at Kerberoasting. Kerberoasting is a method to capture hashed passwords using the Kerberos network authentication protocol. This protocol protects network services ... READ MORE
CSRF on Anonymous Forms
Using CSRF on Anonymous Forms This article will focus on linking CSRF vulnerabilities with phishing attacks to extend the lifetime of your captured credentials. Cross Site Request Forgery (CSRF) vulnerabilities on anonymous forms are often ignored or overlooked, but when combined with a credential-harvesting phishing campaign it extends the life of your captured credentials. ... READ MORE
Quick Reference: Empire Persistence Modules
During a penetration test you may find yourself in a situation where your foothold in the network is tenuous and you need to establish persistence. Such as when your only foothold is on a workstation, the end of day is quickly approaching, and the user may shutdown their system. In these cases you'll likely have to save something to the hard disk, but what type of persistence ... READ MORE