7MS #158: Pentesting in a Vacuum

Today we're talking pentesting – specifically some mini gems that can help you escalate local/domain/SQL privileges: Check the C: drive! If you get local admin and the system itself looks boring, che...

23 Aug 202432min

Hello friends, I'm excited to release BPATTY[RELOADED] into the world at https://bpatty.rocks! – which stands for Brian's Pentesting and Technical Tips for You! It's a knowledge base of IT and securit...

17 Aug 20247min

Artificial hype alert! I'm working on a NEW version of BPATTY (Brian's Pentesting and Technical Tips for You), but it is delayed because of a weird domain name hostage negotiation situation. It's we...

12 Aug 202411min

Today we're talking about eating the security dog food – specifically: Satisfying critical security control #1 Using the Atlassian family of tools to create a ticketing/change control system and wrap...

3 Aug 202445min

Hi, today's tale of pentest pwnage covers a few wins and one loss: A cool opportunity to drop Farmer "crops" to a domain admin's desktop folder via PowerShell remote session Finding super sensitive d...

26 Jul 202432min

Hey friends, we're doing a little departure from our normal topics and focusing on how to create a security knowledgebase (is that one word or two?) using Docusaurus! It's cool, it's free, it's from ...

19 Jul 202414min

Today's tale of pentest pwnage includes some fun stuff, including: SharpGPOAbuse helps abuse vulnerable GPOs! Try submitting a harmless POC first via a scheduled task – like ping -n 1 your.kali.ip...

12 Jul 202448min

Hi friends, today's a tale full of test tips and tools to help you in your adventures in pentesting! SCCM Exploitation SCCM Exploitation: The First Cred Is the Deepest II w/ Gabriel Prud'homme – fant...

7 Jul 202415min