• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer

War Room

Shells from above

RSM logo

  • Home
  • About
  • Blog
  • Talks/Whitepapers
  • Tools
  • Recreation

Offense

2020 Attack Vectors Report – Internal Pentesting

October 30, 2020 By Ken Smith

Our team has collected two years worth of internal penetration testing data to put together a white paper covering our most frequent footholds that lead to full network compromises. The data clearly shows that passwords and patching continue to be a significant problem. Nearly half of all compromises achieved by RSM's testing team between 2018 and 2020 were a direct result ... READ MORE

Building a Vulnerable Box – HTML5 VPN Portal

August 31, 2020 By Ken Smith

Years ago, I wrote a series of posts covering the basics of building and exploiting vulnerable machines for learning purposes. With my two most recent posts covering virtual labs, it seems like an appropriate time to revisit the topic. I've used the misconfiguration I'm going to cover in this article on several Capture the Flag events and mock pentests over the years. It ... READ MORE

Building a Lab Network – Faux Corporate Networks

August 18, 2020 By Ken Smith

Last month, I mentioned the possibility of setting up a second virtual firewall in a lab environment to simulate a corporate network with mock internal and external spaces. I frequently do this for CTFs, student pentesting projects, and more. Offensive security training is rapidly moving towards realistic environments. Organizations like HackTheBox which historically have ... READ MORE

Building a Lab Network in Proxmox and Sophos UTM9

July 13, 2020 By Ken Smith

One of the best ways to acquire and maintain an offensive security skill set is to build a home lab and populate it with intentionally vulnerable machines. The most straightforward option is to simply spin up VMs in VirtualBox or VMWare Player and manage everything locally. To take things to the next level, however, you really need a hypervisor like ESXi or Proxmox. Nowadays, ... READ MORE

Enumerating Emails via Office.com

May 18, 2020 By Cameron Geehr

On a recent penetration test, I discovered that manually attempting to log into Office.com would give an indication as to whether an email address exists or not. Both of the techniques I was familiar with for Office365 username enumeration, using the Autodiscover API and ActiveSync, have both been fixed so this was definitely something worth exploring. I captured a few ... READ MORE

Socially Susceptible – Augmenting phishing with machine learning classifiers

May 12, 2020 By Austin Marck

Crafting sophisticated phishing campaigns is a necessary part of offensive tradecraft for testing security conscious and complex environments. The old adage goes "a chain is only as strong as its weakest link". Historically this chain has been people, but with increased resources and focus on testing, attackers have worked to find ways to increase their chances of gaining a ... READ MORE

Netscaler Still in the Wild

March 12, 2020 By Ben Sina

It has been two months since Cirtix released details about CVE-2019-19781, a vulnerability found in their NetScaler product. In that time, we here at RSM have been working with several of our clients to help mitigate this vulnerability and remediate the effects of any successful compromises on their systems. Unfortunately, it appears that many more networks are affected by this ... READ MORE

Solarwinds

October 14, 2019 By Mike

How a Default SolarWinds Guest Account Can Facilitate Compromise – and How to Fix It The Problem SolarWinds is a leading provider of network monitoring and configuration management software. However, there’s a default feature on the SolarWinds Orion Network Performance Monitor tool that could be putting your organization at big risk. The issue is a default guest account ... READ MORE

Google Dorks

October 14, 2019 By Kyle Zeigler

Google Dork: Finding the Information You Don’t Know Exists Reconnaissance Reconnaissance. It’s a technique not unknown to most teenagers, and if we’re honest, we’ve all done it ourselves too – Googling the person you just met at the bar, Facebook stalking the new person at work, we all know the drill. This is the age of social media and data breaches, so we all know there’s a ... READ MORE

Saurus’ Guide to Security+

June 5, 2019 By Jacob Dugan

Hello fellow security professionals and those aspiring to be! Saurus here and excited to write to you on a new blog post. Being a consultant keeps me fairly busy. In addition to managing my workload I recently obtained my COMPTIA Security+ certification.  While the experience of taking the exam is still fresh in mind, I wanted to draft up a blog post about some of the ... READ MORE

  • « Go to Previous Page
  • Go to page 1
  • Go to page 2
  • Go to page 3
  • Go to page 4
  • Interim pages omitted …
  • Go to page 9
  • Go to Next Page »

Primary Sidebar

Categories

  • Defense
  • Forensics
  • Offense
  • Physical
  • R&D

Most Viewed Posts

  • DLL Injection Part 1: SetWindowsHookEx 10.8k views
  • Sophos UTM Home Edition – 3 – The Setup 10.8k views
  • Leveraging MS16-032 with PowerShell Empire 10k views
  • Bypassing Gmail’s Malicious Macro Signatures 9.8k views
  • How to Bypass SEP with Admin Access 8.9k views

Footer

  • RSS
  • Twitter
  • Tools
  • About
  • RSM US LLP

+1 800 903 6264

1 S Wacker Dr Suite 800
Chicago, IL 60606

Copyright © 2023 RSM US LLP. All rights reserved. RSM US LLP is a limited liability partnership and the U.S. member firm of RSM International, a global network of independent audit, tax and consulting firms. The member firms of RSM International collaborate to provide services to global clients, but are separate and distinct legal entities that cannot obligate each other. Each member firm is responsible only for its own acts and omissions, and not those of any other party. Visit for more information regarding RSM US LLP and RSM International.