Month: <span>August 2018</span>

Dark Tip: Avoiding SSL Inspection on Palo Alto Firewalls

August 29, 2018
PentestingResearch
0 Comment

When I stood up a Palo Alto firewall to do research for my blog post on The Dangers of Client Probing on Palo Alto Firewalls, I also found something interesting in the UI.  Under Device -> Certificate Management -> SSL Decryption Exclusion there was a list of domains that by default were exempt from SSL…

Read More

The Dangers of Client Probing on Palo Alto Firewalls

August 16, 2018
Defense
0 Comment

While performing a routine internal penetration test, I began the assessment by running Responder in analyze mode just to get an idea of what was being sent over broadcast. Much to my surprise, I found that shortly after running it, a hash was captured by Responder’s SMB listener. This hash belonged to an account named…

Read More

Bypassing Duo Two-Factor Authentication (Fail Open)

August 3, 2018
PentestingPost Exploitation
0 Comment

Often times while performing penetration tests it may be helpful to connect to a system via the Remote Desktop Protocol (RDP). I typically use rdesktop or xfreerdp to connect to host once I have obtained credentials to do all sorts of things such as use Active Directory Users and Computers or SQL Management Studio.  One…

Read More