User enumeration is a common vulnerability found across many applications; however, it is typically missed by automated testing and only discovered with hands on keyboard testing. During an external penetration test, Triaxiom performs a series of automated scans for both discovery purposes (port mapping, discovery of assets, etc.), and vulnerability enumeration. Once those are complete, […]
File upload filtering is an extremely important part of web application security that is also notoriously hard to get right. And unfortunately the stakes are high, as vulnerabilities associated with your file upload functionality can quickly turn into critical, exploitable issues with impacts that include remote code execution on the underlying web server. So let’s […]
In today’s blog, we are going to explore a common category of attacks: denial of service attacks. You are likely familiar with the term, as it has been used commonly in the news. But what exactly is a denial of service attack, and more importantly, what are some steps you can take to prevent it […]
In this blog, we will explore one of the more severe vulnerabilities we see on an internal penetration test: setting the local administrator password via GPO. Group Policy Objects (GPO) are used to push configuration items down to machines in an Active Directory environment. GPOs are really useful tools to make sure that systems are […]
In this blog, we will look at one of the attacks we use on almost every internal penetration test, pass the hash. Many times, to make managing devices easier and because this account is rarely used, IT Teams will set the local administrator account to the same password on all devices across the organization. The […]
In this blog, we are going to walk through one of the most common ways we get an initial foothold on a network during an internal penetration test: NBNS and LLMNR Spoofing. First, we’ll discuss what these two technologies are, then we’ll talk about how to exploit them and the potential impact. Finally, we’ll discuss […]
In a previous post, we covered timing-based username enumeration vulnerabilities and how an attacker can exploit these weaknesses to craft a list of known-valid user accounts. The next step in that attack chain is using that list of valid accounts to conduct password attacks and try to gain unauthorized access to an organization’s exposed login […]
From time to time, when we see a particular vulnerability that keeps showing up over and over again during penetration testing engagements, we like to write about it and help spread awareness. This can help explain the issue, the subsequent risk it presents to your organization, and how to successfully remediate the issue or at […]
