Category: penetration testing

How to: Kerberoast like a boss
A Zero Day Latest News, pentest

Kerberoasting: by default, all standard domain users can request a copy of all service accounts along with their correlating password hashes. Crack these and you ... Read More

A Pen Tester’s First Solo: Aviation Security 101
A Zero Day Latest News, pentest

My colleague Ken and I are both private pilots with a keen interest in avionics and security. We were fortunate to have access to some ... Read More

Real-life social engineering. Two days in tweets
A Zero Day Latest News, pentest

This is the write-up of my live tweets while on a recent social engineering engagement. It’s all available on my feed @ghostie_. I did this ... Read More

Fin7 sysadmin pleads guilty to running IT for billion-dollar crime syndicate
admin, breach

Fedir Oleksiyovich Hladyr is the first member of the infamous cybercrime network to be found guilty of hacking-related crimes in a US court. Fin7 ... Read More

Pwning a Siemens Scalance ICS switch through ARM reversing
A Zero Day Latest News, pentest

We’ve been working in industrial control systems security for a long time. Several of the team here used to work in OT control rooms or ... Read More

Lojack’d: Pwning Smart vehicle trackers
A Zero Day Latest News, pentest

This research is by @evstykas with help from @Yekki_1 and @TheKenMunroShow. Many car insurers insist that smart trackers are fitted to high end vehicles. In ... Read More

A Secure “Smart” Kettle?
A Zero Day Latest News, pentest

We haven’t looked at smart kettles for a long time, mostly as the UK market leader, Smarter, fixed their security with the iKettle 3.0. So ... Read More

PrivEsc in Lenovo Solution Centre, 10 minutes later
A Zero Day Latest News, pentest

CVE-2019-6177 – Lenovo Solution Centre Privilege Escalation. Slow, but sure. TL;DR We found a privilege escalation vulnerability in the Lenovo Solution Centre (LSC) software, which ... Read More

Dating apps that track users from home to work and everywhere in-between
A Zero Day Latest News, pentest

TL;DR We were able to precisely locate and track the users of four major dating apps, potentially putting at risk 10 million users. This risk ... Read More