Headshot of Thomas Elling

Thomas Elling

Linkedin

Director, Cloud Pentesting

As the Director of Cloud Pentesting at NetSPI, Thomas Elling has advised multiple Fortune 500 companies in the technology sector, specializing in web application and cloud security testing. In addition, he serves as a security researcher to continue advancing NetSPI's assessment team with research and tool development. Thomas holds a BS in computer science from Columbia University with a focus on software development and security where he gained experience as an undergraduate researcher at the CU Network Security Lab.

More by Thomas Elling

Cloud Pentesting

What the Function: Decrypting Azure Function App Keys 

When deploying an Azure Function App, access to supporting Storage Accounts can lead to disclosure of source code, command execution in the app, and decryption of the app’s Access Keys.

Learn More

SDxCentral: Decentralization Haunts Security, Cloud Transitions

On August 8, NetSPI Senior Director Thomas Elling was featured in an article in SDxCentral called Decentralization Haunts Security, Cloud Transitions.

Learn More
Network Pentesting

Dumping Active Directory Domain Info – with PowerUpSQL!

This blog walks through some new Active Directory recon functions in PowerUpSQL. The PowerUpSQL functions use the OLE DB ADSI provider to query Active Directory for domain users, computers, and other configuration information through SQL Server queries.

Learn More
Network Pentesting

Dumping Active Directory Domain Info – in Go!

I've used NetSPI PowerShell tools and the PowerView toolset to dump information from Active Directory during almost every internal penetration test I've done. These tools are a great starting point for gaining insight into an Active Directory environment. Go seems to be gaining popularity for its performance and scalability, so I tried to replicate some of the functionality in my favorite PowerShell tools. goddi (go dump domain info) dumps domain users, groups, domain controllers, and more in CSV output. And it runs on Windows and Linux!

Learn More
Network Pentesting

Attacks Against Windows PXE Boot Images

If you've ever run across insecure PXE boot deployments during a pentest, you know that they can hold a wealth of possibilities for escalation. Gaining access to PXE boot images can provide an attacker with a domain joined system, domain credentials, and lateral or vertical movement opportunities. This blog outlines a number of different methods to elevate privileges and retrieve passwords from PXE boot images.

Learn More
Network Pentesting

Microsoft Word – UNC Path Injection with Image Linking

Microsoft Word is an excellent attack vector during a penetration test. From web application penetration tests to red team engagements, Word documents can be used to grab NetNTLM hashes or prove insufficient egress filtering on a network. This blog will cover a slightly different approach: inserting an image via a link.

Learn More
Thick Application Pentesting

Dynamic Binary Analysis with Intel Pin

For this blog, I’ll explore Intel’s Pin tool and Linux system call hooking. Pin offers a comprehensive framework for creating pin tools to instrument at differing levels of granularity.

Learn More