The NetSPI Blog

NetsPWN

Stealing unencrypted SSH-agent keys from memory

It is possible to use gdb to dump the memory of a running SSH-agent and then use that memory to reconstruct an SSH key. This provides the...

NetsPWN

Bypassing AV with Veil-Evasion

Veil-Framework is a collection of tools that help with information gathering and post-exploitation. One such tool is Veil-Evasion which is...

NetsPWN

Open Source Frameworks - How secure are they?

How many of your projects include open source software? Maybe it is better to call it free software. As a person who has spent time in the...

NetsPWN

Verifying ASLR, DEP, and SafeSEH with PowerShell

Today I am releasing a PowerShell script that easily displays whether images (DLLs and EXEs) are compiled with ASLR (Address Space Layout...

NetsPWN

15 Ways to Download a File

Pentesters often upload files to compromised boxes to help with privilege escalation, or to maintain a presence on the machine. This blog...

NetsPWN

Malicious MobileConfigs

How much can you trust your devices? In this blog post, we will cover a practical attack that utilizes the iPhone Configuration Utility, a...

NetsPWN

Cracking Stats for Q1 2014

During many of our penetration tests, we gather domain password hashes (with permission of the client) for offline cracking and analysis....

NetsPWN

Locate and Attack Domain SQL Servers without Scanning

In this blog I'll share a new PowerShell script that uses Service Principal Name (SPN) records from Active Directory to identify and attack...

NetsPWN

Decrypting IIS Passwords to Break Out of the DMZ: Part 2

In my last blog I showed how to use native Windows tools to break out of DMZ networks by decrypting database connection strings in IIS web...
