• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer

War Room

Shells from above

RSM logo

  • Home
  • About
  • Blog
  • Talks/Whitepapers
  • Tools
  • Recreation

RSM Author

Pentesting Restrictive Environments – Part 1

October 6, 2017 By RSM Author

The Scenario On a recent engagement, the client was focused on testing the controls that were in place within the environment. The client wanted a penetration test conducted as a malicious employee using a heavily restricted, domain joined Windows host. The other caveat is that the client would be actively looking for me and works under a 3 strike system. I want to be clear ... READ MORE

Updating Anti-CSRF Tokens in Burp Suite

September 8, 2017 By RSM Author

Updating Anti-CSRF Tokens in Burp Suite Burp Suite developed by Portswigger, is the leading software for web application penetration testing. This application is a wonderful tool for fuzzing and automatically scanning HTTP requests to identify application-level vulnerabilities. Performing a web application penetration test against a target application that has developed a ... READ MORE

Insecure Direct Object References

September 1, 2017 By RSM Author

Insecure Direct Object References Insecure Direct Object References was a category first seen in the OWASP Top Ten 2007 list. It retained its position on the following two succeeding Top Ten lists released in 2010 and 2013. Insecure Direct Object References tend to be prevalent, are easily detected, can be easily exploited, and can have a moderate, if not severe, impact on ... READ MORE

Breakdown of HTTP Messages

August 14, 2017 By RSM Author

HTTP is a stateless protocol used in the World Wide Web (WWW) to facilitate a client-server data transaction. HTTP/1.1 is currently the most widely accepted version of the protocol but the industry will begin to shift over to version 2.0 soon. Web sites and web applications are what the World Wide Web is made up of but there is a key difference between the two, which is that a ... READ MORE

Prevent GPO from applying to your attack VM

July 28, 2017 By RSM Author

You’re on an engagement and just obtained your first set of credentials. Score! You attempt to join your Windows VM to the domain and you are greeted with a warm message: “Welcome to the __ domain”. You’re excited to have your initial foothold in the network but you quickly realize these credentials don’t provide much access. We need to go deeper! You start looking for ways ... READ MORE

Footprinting the Target with Recon-ng

May 12, 2017 By RSM Author

Thank you for dropping in for part 2 of our tutorial series on LaNMaSteR53's Recon-ng information gathering framework. Last time, we focused on the fundamentals of navigation within the tool, selecting, configuring and executing modules, and understanding the output. If you came across this page first, please drop back to Part 1 of the series to get a solid background on the ... READ MORE

Reconnaissance with Recon-ng

April 13, 2017 By RSM Author

recon-bg

Intro to Recon-ng Reconnaissance is the first and arguably the most critical phase of any penetration test. It is the first step of the Attacker’s Methodology, and depending on how it is done will define how the test proceeds. This information gathering phase can be done countless different ways, but if it is not done correctly, you end up with very limited information and ... READ MORE

Fuzzing with Boofuzz – Primer

April 7, 2017 By RSM Author

Introduction On one of our recent engagements we were tasked with testing a network protocol for DoS conditions. Naturally this engagement led us to explore the various fuzzers that are currently available. After going through a few options, I came across a python fuzzing framework on Github called Sulley. The framework looked to be unmaintained, which led to the discovery of ... READ MORE

Email Hunting – Recon with Hunter.io

March 20, 2017 By RSM Author

Email Hunting

The Problem with OSINT... Something we as pentesters have to contend with on each of our engagements is recon. It is the nature of the beast with pentesting. Unlike Hugh Jackman, we cannot simply pull Hollywood magic out of our hats and break into networks on demand. If you want to successfully pull off the heist and get away with the loot, you need to do your homework ... READ MORE

Intro to IMINT

June 25, 2015 By RSM Author

*All images were obtained from Google maps and are to be used for educational reason only* I used to play Eye Spy all the time when I was younger.  It made car rides go faster, gave me and my friends something to do while waiting in the ice cream line, and as I recently discovered, the game also provided me with a bit of career prep. Imagery Intelligence (IMINT) is ... READ MORE

  • « Go to Previous Page
  • Go to page 1
  • Go to page 2
  • Go to page 3
  • Go to Next Page »

Primary Sidebar

Categories

  • Defense
  • Forensics
  • Offense
  • Physical
  • R&D

Most Viewed Posts

  • DLL Injection Part 1: SetWindowsHookEx 10.9k views
  • Sophos UTM Home Edition – 3 – The Setup 10.8k views
  • Leveraging MS16-032 with PowerShell Empire 10k views
  • Bypassing Gmail’s Malicious Macro Signatures 9.8k views
  • How to Bypass SEP with Admin Access 8.9k views

Footer

  • RSS
  • Twitter
  • Tools
  • About
  • RSM US LLP

+1 800 903 6264

1 S Wacker Dr Suite 800
Chicago, IL 60606

Copyright © 2023 RSM US LLP. All rights reserved. RSM US LLP is a limited liability partnership and the U.S. member firm of RSM International, a global network of independent audit, tax and consulting firms. The member firms of RSM International collaborate to provide services to global clients, but are separate and distinct legal entities that cannot obligate each other. Each member firm is responsible only for its own acts and omissions, and not those of any other party. Visit for more information regarding RSM US LLP and RSM International.