Scott Sutherland
March 27th, 2020

Linux Hacking Case Studies Part 5: Building a Vulnerable Linux Server

This blog will share how to configure your own vulnerable Linux server so you can practice building and breaking at home.

Scott Sutherland
March 26th, 2020

Linux Hacking Case Studies Part 4: Sudo Horror Stories

This blog will cover different ways to approach SSH password guessing and attacking sudo applications to gain a root shell on a Linux system.

Scott Sutherland
March 25th, 2020

Linux Hacking Case Studies Part 3: phpMyAdmin

This blog will walk through how to attack insecure phpMyAdmin configurations and world-writable files to gain a root shell on a Linux system.

Scott Sutherland
March 24th, 2020

Linux Hacking Case Studies Part 2: NFS

This blog will walk through how to attack insecure NFS exports and setuid configurations in order to gain a root shell on a Linux system.

Scott Sutherland
March 23rd, 2020

Linux Hacking Case Studies Part 1: Rsync

This blog will walk through how to attack insecure Rsync configurations in order to gain a root shell on a Linux system.

Jake Karnes
February 13th, 2020

Attacking Azure with Custom Script Extensions

PowerShell and Bash scripts are excellent tools for automating simple or repetitive tasks. Azure values this and provides several mechanisms for remotely running scripts and commands in virtual machines (VMs). While there are many practical, safe uses of these Azure features, they can also be used maliciously. In this post we’ll explore how the Custom […]

Josh Weber
July 9th, 2019

Collecting Contacts from zoominfo.com

For our client engagements, we are constantly searching for new methods of open source intelligence (OSINT) gathering. This post will specifically focus on targeting client contact collection from a site we have found to be very useful (zoominfo.com) and will describe some of the hurdles we needed to overcome to write automation around site scraping. […]

Karl Fosaaen
March 20th, 2019

Using Azure Automation Accounts to Access Key Vaults

This is the second post in a series of blogs that focuses on Azure Automation. Check out “Exporting Azure RunAs Certificates for Persistence” for more info on how authentication works for Automation Accounts. In this installment, we’re going to focus on making use of Automation Accounts to gain access to sensitive data stored in Key […]

Kevin Robertson
March 6th, 2019

MachineAccountQuota is USEFUL Sometimes: Exploiting One of Active Directory’s Oddest Settings

MachineAccountQuota (MAQ) is a domain-level attribute that by default permits unprivileged users to attach up to 10 computers to an Active Directory (AD) domain. My first run-in with MAQ was way back in my days as a network administrator on a new job. I was assigned the task of joining a remote location’s systems […]