Docker has become such an integral part of my worfklow recently. These examples should demonstrate how Docker can help you be a more efficient pentester| ropnop blog
Serverless functions have so much potential - here’s a few useful examples I use when pentesting or doing bug bounties. Who needs testing infrastructure?| ropnop blog
The newest Windows 10 update includes OpenSSH utilities, including ssh-agent. Here’s how to extract unencrypted saved private keys from the registry| ropnop blog
The SANS team hit another homerun with the HHC including awesome challenges that mimicked real-world pentest activities. Here’s my solutions!| ropnop blog
WMI and WinRM are two Windows administrative “features” that are ripe for abuse if you have credentials. In this post, I’ll show how to (mis)use them…| ropnop blog
On a recent pentest, we recovered credentials to a private Docker registry. Looting the contained images yielded us source code and admin ssh keys.| ropnop blog