The NetSPI Blog

Scott Sutherland's Articles

Scott is currently responsible for the development and execution of penetration testing at NetSPI. His role includes researching and developing tools, techniques, and methodologies used during network and application penetration tests. Scott has been providing IT security services to companies ranging from medium-sized to Fortune 50 for over 10 years. His goal is to help them identify the risks that exist in their environment and develop prioritized remediation plans that take into account their business constraints and requirements. As an active participant in the information security community, Scott also contributes technical security blog posts, whitepapers, and presentations on a regular basis through NetSPI.

NetsPWN

15 Ways to Bypass the PowerShell Execution Policy

By default PowerShell is configured to prevent the execution of PowerShell scripts on Windows systems. This can be a hurdle for penetration...

NetsPWN

Locate and Attack Domain SQL Servers without Scanning

In this blog I'll share a new PowerShell script that uses Service Principal Name (SPN) records from Active Directory to identify and attack...

NetsPWN

Decrypting IIS Passwords to Break Out of the DMZ: Part 2

In my last blog I showed how to use native Windows tools to break out of DMZ networks by decrypting database connection strings in IIS web...

NetsPWN

Decrypting IIS Passwords to Break Out of the DMZ: Part 1

In this blog I’ll cover how to use native IIS tools to recover encrypted database passwords from web.config files and leverage them...

NetsPWN

Bypassing Anti-Virus with Metasploit MSI Files

A while back I put together a short blog titled 10 Evil User Tricks for Bypassing Anti-Virus. The goal was to highlight common anti-virus misconfigurations...

NetsPWN

Faster Domain Escalation using LDAP

In this blog I’ll cover how to find systems where Domain Admins are likely to be logged in by querying the “ServicePrincipleName...

Assessment Services

Breaking Out! of Applications Deployed via Terminal Services, Citrix, and Kiosks

In order to meet business requirements and client demand for...

Assessment Services

Resources for Aspiring Penetration Testers

At some point, all penetration testers get asked, “Where did you learn all this stuff?” In my experience, the question often comes...

Assessment Services

10 Evil User Tricks for Bypassing Anti-Virus

Many anti-virus solutions are deployed with weak configurations that provide end users with the ability to quickly disable or work around the...