Featured

App Code Review

Application designers and programmers are not security experts…no matter how much you hope they are. Let NetSPI dig into the code early and often, and make sure your code is secure.

The NetSPI Blog

NetsPWN

Stealing unencrypted SSH-agent keys from memory

It is possible to use gdb to dump the memory of a running SSH-agent and then use that memory to reconstruct a SSH key. This provides the...

NetsPWN

Bypassing AV with Veil-Evasion

Veil-Framework is a collection of tools that help with information gathering and post-exploitation. One such tool is Veil-Evasion which is...

NetsPWN

Open Source Frameworks - How secure are they?

How many of your projects include open source software? Maybe it is better to call it free software. As a person who has spent time in the...

NetsPWN

Verifying ASLR, DEP, and SafeSEH with PowerShell

Today I am releasing a PowerShell script that easily displays whether images (DLLs and EXEs) are compiled with ASLR (Address Space Layout...

NetsPWN

15 Ways to Download a File

Pentesters often upload files to compromised boxes to help with privilege escalation, or to maintain a presence on the machine. This blog...

NetsPWN

Malicious MobileConfigs

How much can you trust your devices? In this blog post, we will cover a practical attack that utilizes the iPhone Configuration Utility, a...

NetsPWN

Cracking Stats for Q1 2014

During many of our penetration tests, we gather domain password hashes (with permission of the client) for offline cracking and analysis....

NetsPWN

Locate and Attack Domain SQL Servers without Scanning

In this blog I'll share a new PowerShell script that uses Service Principal Name (SPN) records from Active Directory to identify and attack...

NetsPWN

Decrypting IIS Passwords to Break Out of the DMZ: Part 2

In my last blog I showed how to use native Windows tools to break out of DMZ networks by decrypting database connection strings in IIS web...

Pages: Prev1234567...24NextReturn Top