Blog Archives

web_delivery, powershell, SSL and you

Powershell delivery for metasploit payloads has become extremely popular for its flexibility and AV avoidance. Metasploit recently deprecated psh_web_delivery with web_delivery which offers the ability to deliver Ruby, Python, and Powershell payloads over a webserver.         One of

Tagged with: , , , , , ,
Posted in InfoSec, metasploit

smbexec fun

Just another blog post about the basics and tools I find useful.  If you’re a pentester and you’re not using SMBexec you might be wasting some time and missing out on a well written and very helpful tool. smbexec is available here it

Tagged with: , , ,
Posted in InfoSec

RPI Toolkit – ISTS X

It’s my second year red teaming the ISTS event at RIT.  ISTS is a event similar to CCDC where teams protect a network from the red team while doing business injects.  The twist with ISTS is teams can play offense against each

Tagged with: , , , , ,
Posted in InfoSec

WCE and Mimikatz in memory over meterpreter

While hashes are great and passing the hash is an effective attack method it never hurts to have plain text passwords. Companies tend to reuse passwords on various systems or use the same password style across their network. Currently the two

Tagged with: ,
Posted in InfoSec