This post outlines the changes and new features that were added in the PyRDP 1.0 release and explores what is in store for future PyRDP development efforts. Over the last few years PyRDP has secured itself as a strong candidate for both offensive security engagements...
A disconnect exists between how defenders perceive the value of their implemented security controls, and the most common attack vectors leveraged by penetration testers acting as potential attackers. Today, we are excited to release Cybersecurity Perceptions Versus...
When we initially released PyRDP in late 2018, we familiarized ourselves with the Remote Desktop Protocol (RDP) relatively quickly. It became clear that our initial release couldn’t tackle all the opportunities that an active on-the-wire attacker could have. During my...
Last month, we presented at Hack In Paris (France) a XML External Entities (XXE) exploitation workshop. It showcase methods to exploit XXE with numerous obstacles. Today, we present our method to exploit XXEs with a local Document Type Declaration (DTD) file. More...
This past July, Kevin Robertson from NetSPI released a blog post entitled, “Beyond LLMNR/NBNS Spoofing – Exploiting Active Directory-Integrated DNS,” which introduced a new technique (to us at least) targeting weak default access control in Active...
FR
