Pentest

4 posts
2025

Less Praying More Relaying - Enumerating EPA Enforcement for MSSQL and HTTPS

TL;DR – It’s important to know if your NTLM relay will be prevented by integrity protections such as EPA, before setting up for and …
2024

Relay Your Heart Away: An OPSEC-Conscious Approach to 445 Takeover

Even within organizations that have achieved a mature security posture, targeted NTLM relay attacks are still incredibly effective after all …
2023

Less SmartScreen More Caffeine: Abusing ClickOnce for Trusted Code Execution

The contents of this post were written by Nick Powers (@zyn3rgy) and Steven Flores (@0xthirteen), and are a written version of the content …
2021

Proxy Windows Tooling via SOCKS

Leveraging SOCKS to proxy tools from a Windows attacker machine through a compromised host is a topic that contains some nuance and room for …