• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer

War Room

Shells from above

RSM logo

  • Home
  • About
  • Blog
  • Talks/Whitepapers
  • Tools
  • Recreation

Kyle Zeigler

No More Mimikatz

October 14, 2019 By Kyle Zeigler

Mitigating Windows Credential Flaws There’s a vulnerability in Windows systems that is leveraged time and time again while compromising a network. Though the technique is well known to attackers, it is rarely mitigated effectively. Bad combination. But it’s convenient… Windows systems will cache user credentials in system memory. In cleartext. This is a default feature in ... READ MORE

Stanford Password Policy

October 14, 2019 By Kyle Zeigler

A creative solution for stronger passwords Rules, Rules, Rules Most of us are familiar with basic password rules: Don’t use ‘password’. Duh. Don’t use your username as your password. Got it. Don’t repeat the same password for multiple accounts. Don’t choose an easily guessable password combination, even if it looks complex, e.g. ‘Winter2016’. Ok… I know ... READ MORE

SMB Relay

October 14, 2019 By Kyle Zeigler

SMB Relay Attack The SMB relay attack has been around for years, and publicly available tools make the attack easier to carry out. The attack can result in a full network compromise with relatively little effort or expertise on the part of the attacker, making this a very common technique. What’s worse, we’ve noticed many organizations are vulnerable to this attack and might ... READ MORE

Google Dorks

October 14, 2019 By Kyle Zeigler

Google Dork: Finding the Information You Don’t Know Exists Reconnaissance Reconnaissance. It’s a technique not unknown to most teenagers, and if we’re honest, we’ve all done it ourselves too – Googling the person you just met at the bar, Facebook stalking the new person at work, we all know the drill. This is the age of social media and data breaches, so we all know there’s a ... READ MORE

Primary Sidebar

Categories

  • Defense
  • Forensics
  • Offense
  • Physical
  • R&D

Most Viewed Posts

  • DLL Injection Part 1: SetWindowsHookEx 10.9k views
  • Sophos UTM Home Edition – 3 – The Setup 10.8k views
  • Leveraging MS16-032 with PowerShell Empire 10k views
  • Bypassing Gmail’s Malicious Macro Signatures 9.8k views
  • How to Bypass SEP with Admin Access 8.9k views

Footer

  • RSS
  • Twitter
  • Tools
  • About
  • RSM US LLP

+1 800 903 6264

1 S Wacker Dr Suite 800
Chicago, IL 60606

Copyright © 2023 RSM US LLP. All rights reserved. RSM US LLP is a limited liability partnership and the U.S. member firm of RSM International, a global network of independent audit, tax and consulting firms. The member firms of RSM International collaborate to provide services to global clients, but are separate and distinct legal entities that cannot obligate each other. Each member firm is responsible only for its own acts and omissions, and not those of any other party. Visit for more information regarding RSM US LLP and RSM International.