Month: April 2016

Your credentials at risk with Lansweeper 5

As a penetration testers, we rarely have to find ‘zero day’ vulnerabilities or perform ‘bug hunting’ in order to compromise Windows Active Directory Domains. However, in one of these rare cases while performing an internal penetration test for a client, we had to do so.  Lansweeper is an inventory software that scans your network in

Continue reading …

On the road to AtlSecCon

AtlSecCon is almost there! Philippe and I are pretty excited to be speaking there this year! Here’s a quick rundown of our presentations: The new wave of Deserialization Bugs Philippe will demystify Java deserialization flaws. Recently, there have been several deserialization bugs released. In 2015, many Java softwares – including WebLogic, Jenkins and JBoss –

Continue reading …