PowerShell: In-Memory Injection Using CertUtil.exe
May 31, 2018, Shane Rudy, Senior Security Consultant, Coalfire Labs
Have you ever heard the old saying,” The only constant in life is change?” Nothing is truer in the world of penetration testing and information security than the certainty of change. New defenses are always emerging, and the guys and gals in the red team game are always having to evolve our efforts to evade defenses. This week was one of those weeks for me.
How I discovered CVE-2017-13707
October 05, 2017, Michael Allen, Senior Consultant, Coalfire Labs
New Vulnerability Found Using Techniques Taught at Black Hat USA
One of the topics I teach in Coalfire's Adaptive Penetration Testing course, given most recently at Black Hat 2017, is manual privilege escalation on Linux- and Unix-based systems. I also talk about how common it is to gain an initial foothold in an environment by leveraging default or easily guessable login credentials. During a recent red team engagement, I leveraged both of these techniques – not only to fully compromise the organization's Active Directory environment, but also to discover and exploit a previously unknown vulnerability in the Replibit Linux distribution installed on a server on their network.
Coalfire’s Adaptive Penetration Testing at Black Hat Helped Prepare Tomorrow’s Security Talent
August 16, 2017, Ryan MacDougall, Sr. Security Consultant
What makes a penetration tester highly successful? Most obviously, the technical skills to hack into a network, application, or location comes to mind first, and without those capabilities and the ability to continuously learn, an aspiring pen tester has a tough road ahead of them.
Black Hat 2017: training, cybersecurity trends and end-point protection
August 03, 2017, Marshall England, Sr. Marketing Director, Technology & Cloud
Every year, Black Hat is a highly anticipated event in the cybersecurity community—and Black Hat 2017 certainly did not disappoint! It was yet another year of record traffic, bustling with visitors from the security community that want to strengthen their security skills and postures. Organizations in the midst of digital transformations and digital native businesses alike sent security teams to learn about various tools and techniques to increase their knowledge of defense and breach prevention.