ropnop blog
  • Posts
  • Conference Talks
  • Tags
  • Series
ropnop blog

pentest


Docker for Pentesters

 Posted on July 18, 2019  |  ropnop

Docker has become such an integral part of my worfklow recently. These examples should demonstrate how Docker can help you be a more efficient pentester [Read More]
docker  pentest  impacket  linux  smb  windows 

Attacking Default Installs of Helm on Kubernetes

 Posted on January 28, 2019  |  ropnop

Default installations of Helm on Kubernetes can make it trivial for attackers to escalate to cluster admin. In this post I'll demonstrate how. [Read More]
pentest  kubernetes  helm  tiller  gke 

Serverless Toolkit for Pentesters

 Posted on November 11, 2018  |  ropnop

Serverless functions have so much potential - here's a few useful examples I use when pentesting or doing bug bounties. Who needs testing infrastructure? [Read More]
docker  pentest  serverless 

Extracting SSH Private Keys From Windows 10 ssh-agent

 Posted on May 20, 2018  |  ropnop

The newest Windows 10 update includes OpenSSH utilities, including ssh-agent. Here's how to extract unencrypted saved private keys from the registry [Read More]
windows  ssh  powershell  openssh  rsa  pentest 

SANS Holiday Hack 2017 Writeup

 Posted on January 18, 2018  |  ropnop

The SANS team hit another homerun with the HHC including awesome challenges that mimicked real-world pentest activities. Here's my solutions! [Read More]
sans  writeup  pentest  holidayhack 
SANS Holiday Hack Write-ups 

Using Credentials to Own Windows Boxes - Part 3 (WMI and WinRM)

 Posted on April 27, 2016  |  ropnop

WMI and WinRM are two Windows administrative "features" that are ripe for abuse if you have credentials. In this post, I'll show how to (mis)use them... [Read More]
windows  shell  pentest  wmi  winrm  powershell 
Using Credentials to Own Windows Boxes 

Plundering Docker Images

 Posted on April 15, 2016  |  ropnop

On a recent pentest, we recovered credentials to a private Docker registry. Looting the contained images yielded us source code and admin ssh keys. [Read More]
docker  pentest 

ropnop  • © 2020  •  ropnop blog

Hugo v0.63.2 powered  • Modified theme based on Beautiful Hugo