by James Smith

Rapidly Creating Fake Users in your Lab AD using Youzer

Penetration Testing Lab Whether you have a fully virtual organisation consisting of several different machines or the odd virtualised box you’re using to explore or freshen up on certain skills. They’re great fun and an asset to any security tester. Having your own lab is a great way to perform […]

Efficient Time Based Blind SQL Injection using MySQL Bit Functions and Operators

I was performing some penetration tests in 2011 – 2012 against various PHP applications integrated with MySQL databases which were vulnerable to Time Based Blind SQL Injection.  Due to various constraints and limitations, exploitation was a little tricky and I was forced to investigate a method which allowed me to […]

Quick Guide to Installing Bloodhound in Kali-Rolling

Intro I have had a few people over the last couple of months asking me how to get Bloodhound up and running after I had sung its praise since seeing the “Six Degrees to Domain Admin” video from BSIDES Las Vegas. If you still haven’t seen the video I am […]

Exploiting MS17-010 – Using EternalBlue and DoublePulsar to gain a remote Meterpreter shell

[su_heading align=”left”]This walk through assumes you know a thing or two and won’t go into major detail. After all it’s meant for fellow researchers and penetration testers.[/su_heading] Findings so far… Findings from using these tools are the following so far [su_note]The default process that Doublepulsar injects into is ‘lsass’ It […]