NetSPI Blog

Ryan Gandrud
May 2nd, 2017

Targeting Passwords for Managed and Federated Microsoft Accounts

The Basics: With the continual rise in popularity of cloud services, Microsoft launched their Azure cloud infrastructure in early 2010, which eventually went on to support their Virtual Machines, Cloud Services, and Active Directory Domain Services. There are two different ways a Microsoft domain can support cloud authentication: managed and federated. A federated domain is […]

Ryan Gandrud
April 26th, 2016

Adding Web Content Filter Exceptions for Phishing Success

During phishing engagements, one of the key steps is to ensure that targeted users can access your phishing website. Web content filtering services can often cause problems…

Ryan Gandrud
March 23rd, 2015

All You Need Is One – A ClickOnce Love Story

Although there are many legitimate advantages to using ClickOnce deployments, they also provide a vector for malicious actors to compromise users’ machines with just one click.

Ryan Gandrud
July 14th, 2014

Bypassing AV with Veil-Evasion

Veil-Framework is a collection of tools that help with information gathering and post-exploitation. One such tool is Veil-Evasion, which is used for creating payloads that can easily bypass antivirus using known and documented techniques. This is done through an array of encoding schemes that change the signatures of files dramatically enough to avoid standard detection […]

Ryan Gandrud
June 16th, 2014

15 Ways to Download a File

Pentesters often upload files to compromised boxes to help with privilege escalation, or to maintain a presence on the machine. This blog will cover 15 different ways to move files from your machine to a compromised system. It should be interesting for penetration testers who have a presence on a box and need post-exploitation options, […]

Ryan Gandrud
April 14th, 2014

Executing MSF Payloads via PowerShell Webshellery

Many web applications come with the ability to upload files to the server. Some of these can be misconfigured and allow for arbitrary file upload. In these situations, this module for Metasploit can come in handy if the backend server is Windows. What can you do with this? This module, authored by Scott Sutherland and […]