Google Cloud Platform pentest notes – service accounts

Google Cloud Logo

On a recent engagement, I have jumped onto a small JSON file laying in a GitLab repository which looked very intriguing. Inside there it was written it’s a service account. I found out this is related to the Google Cloud Platform (GCP). Of course, I had to explore it more, however, I never had any … Read more Google Cloud Platform pentest notes – service accounts

How to prepare a phishing campaign with GoPhish – part 2 campaign setup

This is the second part of the blog post series related to the preparation of a phishing campaign for security awareness training or red team operation. In part one, you could read how to set up tools like VPS, domain, SSL cert, and install GoPhish. This post will get your trough on how to use … Read more How to prepare a phishing campaign with GoPhish – part 2 campaign setup

How to prepare a phishing campaign with GoPhish – part 1 tools

You might need to perform security awareness training related to phishing for your customers. Or you just starting red team operation and want to start from phishing. For this reason, you start looking for tools and available options. This is what happened to me and in this post, you will read how to prepare tools … Read more How to prepare a phishing campaign with GoPhish – part 1 tools

Cracking hashes in the cloud – how can you speed it up?

You got those pesky hashes after a while setting in the customer networks. But your laptop GPU is not good enough to crack them in reasonable time? If so read further as this will be a quick reference on how to step by step start cracking hashes in the cloud using P2 powerful AWS instances … Read more Cracking hashes in the cloud – how can you speed it up?