Hello world ! Get ready for some fun, tips and tricks


  • Recon— This is the one area most people skip over or put the least amount of effort into. Don’t. Without question, this is the most important phase. If done correctly, it is possible to gain access to a network without using a single exploit. For example, take a look at the modules available in recon- ng. Some of our favorites are the pwnlist modules and namechk.
  • Scanning — Try to be as accurate as possible. If your scanner supports a scan dedicated to PCI, don’t use it. PCI scans have a very high false positive rate. If the project is a Crystal-box or Grey-box test, look into credentialed scanning. It will reduce the false positives, and the scan will run much faster. As an added bonus, it will also dramatically reduce the likelihood of crashing a system. Finally, always review the low and medium risk findings. These lower-risk findings may add up and result in significant potential for attack.
  • Exploitation— Always explicitly set the TARGET in Metasploit, as it will reduce the likelihood of a target crash and will increase the likelihood of successful exploitation. Get very comfortable with the Social Engineering Toolkit. Learn how to bypass AV, see the reference section below.
  • Post-Exploitation— After you have access to a target system, put the exploits away. Dump the passwords, crack the passwords. Get familiar with mimikatz. Get familiar with passing the hash. Get familiar with password spraying. Pivot mercilessly.
  • Reporting— Tell a narrative and demonstrate the risk through screenshots and videos. Never, ever, copy and paste results from an automated tool.

Must-Have Tools



Teensy* — Emulate keyboards to take over systems.
Pwnplug* — Small, portable, powerful covert pen testing platform.
* These tools are available on a commercial (cost) basis.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s