by Lydia Zhang | Sep 29, 2021 | Pen Test Technical Tips
After studying different vendors’ approaches, here is our summary of how to do SMB OS detection right. With either SMBv1 or SMBv2, both “Session Setup Request “and “NTLMSSP_NEGOTIATE requests” shall be sent;Especially for SMB v1, if only “Session Setup AndX Request”...
by Lydia Zhang | Sep 20, 2021 | Pen Test Technical Tips
The Study of Different Approaches from 4 Well-Known Vendors You may wonder “how does a blackbox penetration test tool know about my server information when it only has the server’s IP address?” The secret is a protocol, such as Sever Message Block (SMB),...
by Lydia Zhang | Aug 24, 2021 | AI in Automated Pen Test
In the cyberworld, HelloKitty is not a cute kitten. And PrintNightmare is an actual nightmare. HelloKitty is a ransomware group who used CVE-2020-3992 to exploit networks and launch ransomware attacks against VMware ESXi servers. Due to the wide deployment of ESXi in...
by Lydia Zhang | Aug 2, 2021 | Pen Test Technical Tips
Zimbra, an open-source collaborative office suite, consisting of webmail, web document creation and management, calendar, and address book built for the cloud. More than 200,000 companies and over 1,000 governments and financial institutions use Zimbra’s messaging...
by Lydia Zhang | Jul 20, 2021 | AI in Automated Pen Test
On July 2nd, what’s considered the biggest ransomware incident to date paralyzed Kaseya and up to hundreds of other businesses associated in their supply chain. The attacker, a Russian-based group named REvil (Ransomware Evil), used a supply chain attack that...
