Thomas Elling
Thomas has a BS in computer science from Columbia University with a focus on software development and security. He has experience as an undergraduate researcher at the CU Network Security Lab. At NetSPI, Thomas primarily focuses on web application and network penetration testing. He also helps with research and tool development for the assessment team.
May 31st, 2018
Dumping Active Directory Domain Info – with PowerUpSQL!
This blog walks through some new Active Directory recon functions in PowerUpSQL. The PowerUpSQL functions use the OLE DB ADSI provider to query Active Directory for domain users, computers, and other configuration information through SQL Server queries.
April 17th, 2018
Dumping Active Directory Domain Info – in Go!
I’ve used NetSPI PowerShell tools and the PowerView toolset to dump information from Active Directory during almost every internal penetration test I’ve done. These tools are a great starting point for gaining insight into an Active Directory environment. Go seems to be gaining popularity for its performance and scalability, so I tried to replicate some […]
February 13th, 2018
Attacks Against Windows PXE Boot Images
If you’ve ever run across insecure PXE boot deployments during a pentest, you know that they can hold a wealth of possibilities for escalation. Gaining access to PXE boot images can provide an attacker with a domain joined system, domain credentials, and lateral or vertical movement opportunities. This blog outlines a number of different methods […]
January 2nd, 2018
Microsoft Word – UNC Path Injection with Image Linking
Microsoft Word is an excellent attack vector during a penetration test. From web application penetration tests to red team engagements, Word documents can be used to grab NetNTLM hashes or prove insufficient egress filtering on a network. There has been an abundance of quality research done on Word attack vectors. If you haven’t had a […]
May 30th, 2017
Dynamic Binary Analysis with Intel Pin
Intro to Intel Pin Dynamic Binary Instrumentation (DBI) is a technique for analyzing a running program by dynamically injecting analysis code. The added analysis code, or instrumentation code, is run in the context of the instrumented program with access to real, runtime values. DBI is a powerful technique since it does not require the source […]