Posts by Ted Raffle

3 min Cybersecurity

When One Door Opens, Keep It Open: A New Tool for Physical Security Testing

We’ve come up with a neat little device that pentesters can use to recreate the thought process of attackers — and help organizations outsmart them.

2 min This One Time on a Pen Test

This One Time on a Pen Test: CSRF to Password Reset Phishing

In the latest edition of our "This One Time On a Pen Test" series, we take a look at an engagement featuring Cross-site request forgery attacks.

1 min Penetration Testing

This One Time on a Pen Test: Our Accidental Win

In this blog, we recall one pen test where a placeholder password we put in actually worked with one login account.

1 min Penetration Testing

This One Time on a Pen Test: What’s in the Box?

Here is the story of how one of our penetration testers exploited ExternalBlue on a rogue access point.

2 min Penetration Testing

This One Time on a Pen Test: Missed a Spot

In this penetration testing story, Ted Raffle discusses how even strong security controls and threat mitigation can miss the mark when only one or two systems fall through the cracks.

3 min

How to Use Metasploit Teradata Modules

As penetration testers, we often find ourselves working with applications and services that are new to us or uncommon. In one such case, I performed an internal network penetration test that was focused exclusively on a handful of Teradata database servers. To test for weak passwords, I had cobbled together a Windows batch file that would wrap username and password lists around Teradata’s bteq application. However, one thing I wanted to do was come back sometime and build a proper Metasploit log

4 min Penetration Testing

Metasploit MinRID Option

We’ve added a new option to the smb_lookupsid Metasploit module [https://www.rapid7.com/db/modules/auxiliary/scanner/smb/smb_lookupsid]. You can now specify your starting RID. Wait, What Does This Module Do Again? As a penetration tester, one of the first things I try to do on an internal network is enumerate all of the domain users so that I can perform login attacks against them. It would be a noteworthy risk if we could do that anonymously, because that means that any malicious actor who can