The Coalfire Labs Blog

Welcome to the Coalfire Labs Blog, a resource covering the most important issues in IT security and compliance.  The Coalfire Labs blog is written by the company's leadership team and our highly-credentialed security assessment experts.


  • Exploiting Blind Java Deserialization with Burp and Ysoserial

    September 04, 2018, Esteban Rodriguez, Consultant, Coalfire Labs, Coalfire

    While performing a web application  penetration test, I stumbled upon a parameter with some base64 encoded data within a POST parameter. Curious as to what it was, I sent it over to Burp decoder.

  • AWS Slurp Github Takeover

    August 28, 2018, Logan Evans, Associate, Coalfire Labs, Coalfire

    Slurp is a tool used by information security professionals to enumerate AWS S3 buckets. Slurp takes a domain name (example.com) or wordlist as input and cycles through likely S3 bucket names (example.s3.amazonaws.com) looking for any world-read/writeable buckets. S3 buckets are a great find for offensive security pros because they are commonly misconfigured. This leads to things like the famous RNC Voter Records breach or Verizon’s 2017 breach.

  • The Dangers of Client Probing on Palo Alto Firewalls

    August 15, 2018, Esteban Rodriguez, Consultant, Coalfire Labs, Coalfire

    While performing a routine internal penetration test, I began the assessment by running Responder in analyze mode just to get an idea of what was being sent over broadcast. Much to my surprise, I found that shortly after running it, a hash was captured by Responder’s SMB listener. 

  • Humans Are the Weakest Link in Security

    July 17, 2018, Mike Weber, Vice President, Coalfire Labs

    In our recent analysis of penetration testing engagements contained in our Penetration Risk Report, we discuss the impact that social engineering, specifically phishing, has on the ability to allow attackers insider access to compromise an organization.

  • Executing Meterpreter on Windows 10 and Bypassing Antivirus

    June 26, 2018, Esteban Rodriguez, Consultant, Coalfire Labs, Coalfire

    One of my Labs colleagues recently published an article on the Coalfire Blog about executing an obfuscated PowerShell payload using Invoke-CradleCrafter. This was very useful, as Windows Defender has upped its game lately and is now blocking Metasploit’s Web Delivery module. I wanted to demonstrate an alternate way to achieve the same goal, without dropping any files on the host system while providing more options depending on what ports can egress the network.

  • Displaying results 16-20 (of 82)
     |<  <  1 - 2 - 3 - 4 - 5 - 6 - 7 - 8 - 9 - 10  >  >| 
Top