User Enumeration Part 3 – Windows

This is the third installment in a series of blogs on user enumeration.  In Part 1 – Building Name Lists, I talked about ways of building usernames from OSINT and US census data. In this installment, I’m going to discuss putting this info to work in...

User Enumeration Part 1 – Building Name Lists

A common part of pen tests – both network and web app – is password spraying. In order to do that, you need usernames. But how do you find out what your target’s usernames are? This is the first in a series of posts to discuss user enumeration and...

SQLi Data Exfiltration via DNS

Did you know you can use DNS queries to exfiltrate data from a database via SQLi? No? Then continue reading! I’ll walk through some techniques you can use to enumerate and exfiltrate data from a DB server via blind SQLi. On a recent web app test, I encountered a...