NetSPI Blog

Thomas Elling

Thomas has a BS in computer science from Columbia University with a focus on software development and security. He has experience as an undergraduate researcher at the CU Network Security Lab. At NetSPI, Thomas primarily focuses on web application and network penetration testing. He also helps with research and tool development for the assessment team.

Thomas Elling
May 31st, 2018

Dumping Active Directory Domain Info – with PowerUpSQL!

This blog walks through some new Active Directory recon functions in PowerUpSQL. The PowerUpSQL functions use the OLE DB ADSI provider to query Active Directory for domain users, computers, and other configuration information through SQL Server queries.

Thomas Elling
April 17th, 2018

Dumping Active Directory Domain Info – in Go!

I’ve used NetSPI PowerShell tools and the PowerView toolset to dump information from Active Directory during almost every internal penetration test I’ve done. These tools are a great starting point for gaining insight into an Active Directory environment. Go seems to be gaining popularity for its performance and scalability, so I tried to replicate some […]

Thomas Elling
February 13th, 2018

Attacks Against Windows PXE Boot Images

If you’ve ever run across insecure PXE boot deployments during a pentest, you know that they can hold a wealth of possibilities for escalation. Gaining access to PXE boot images can provide an attacker with a domain joined system, domain credentials, and lateral or vertical movement opportunities. This blog outlines a number of different methods […]

Thomas Elling
January 2nd, 2018

Microsoft Word – UNC Path Injection with Image Linking

Microsoft Word is an excellent attack vector during a penetration test. From web application penetration tests to red team engagements, Word documents can be used to grab NetNTLM hashes or prove insufficient egress filtering on a network. There has been an abundance of quality research done on Word attack vectors. If you haven’t had a […]

Thomas Elling
May 30th, 2017

Dynamic Binary Analysis with Intel Pin

Intro to Intel Pin Dynamic Binary Instrumentation (DBI) is a technique for analyzing a running program by dynamically injecting analysis code. The added analysis code, or instrumentation code, is run in the context of the instrumented program with access to real, runtime values. DBI is a powerful technique since it does not require the source […]