root@alex:~/ # Profile picture
Self-Appointed Guest Domain Admin • Fan of Stitch • #OSCP #GXPN • Principal Security Consultant @guidepointsec • #infosec #hacking #pentesting #judo #scripting
2 subscribers
May 4, 2022 23 tweets 5 min read
Good morning my fellow #infosec and other curious individuals! Today is day TWO of my <semi> live tweeted Internal Penetration Test with Acme. Updates to follow. Here's the thread from yesterday:
First things first, gotta get the house situated so that I can be undistracted. Let's grab some breakfast, reestablish my tunnels and start taking a look at overnight scanning data.
May 3, 2022 33 tweets 8 min read
I'm going to <semi> live tweet this Internal Penetration Test. Calling the company Acme
Important notes:
Assumed Breach (Already have a Debian based image, no creds, but solely for the sake of having tools locally)
Landing in the SWIFT gateway network
Flags: DA/SWIFT 1/x Non-Evasive (we can sound alarms, they're only monitoring and validating our actions, this is not a purple team assessment to fill gaps in their NIPS)
Crystal/Glass/Full-Disclosure whatever your org calls "we'll give you any info you need to progress in terms of network topology"