Practical guide to NTLM Relaying in 2017 (A.K.A getting a foothold in under 5 minutes)

This blog post is mainly intended as a very 'cut & dry' practical guide to help clear up any confusion regarding NTLM relaying. Talking to pentesters, I've noticed that there seems to be a lot of general confusion regarding what you can do with those pesky hashes you get with …


Automating the Empire with the Death Star: getting Domain Admin with a push of a button

Ever since Empire and BloodHound, pentesting Active Directory has become pretty straightforward for 95% of the environments I get dropped in.

I find myself doing the same things over and over again, and when that happens it's time to automate! After all, a 'fire and forget' script that automatically …