https://pentest.party Posts about pentesting, red teaming and malware development Sun, 03 May 2026 22:03:42 +0000 https://pentest.party/posts/2025/checkmk/ https://pentest.party/posts/2025/checkmk/ During a pentest a few weeks ago, I had the opportunity to take a closer look at Checkmk. Checkmk is an agent-based monitoring system in which the server pulls monitoring data from its agents via TCP ... Sun, 21 Dec 2025 00:00:00 +0000 https://pentest.party/posts/2025/tls-reverse-shells/ https://pentest.party/posts/2025/tls-reverse-shells/ In a recent pentest I had code execution on an internal system, but was too lazy to deploy a full C2. Instead, I wanted to go for a classic reverse shell. Of course, the trusty old bash -i >& / ... Mon, 08 Sep 2025 00:00:00 +0000 https://pentest.party/posts/2025/ksetup-machine-password/ https://pentest.party/posts/2025/ksetup-machine-password/ Yesterday I stumbled upon an old tweet from @Oddvarmoe. In it, he described that a local admin can use the built-in ksetup.exe to change the password of the machine account. This only takes effect aft ... Sat, 16 Aug 2025 00:00:00 +0000 https://pentest.party/posts/2024/persistence-with-wmi-filters/ https://pentest.party/posts/2024/persistence-with-wmi-filters/ The list of Active Directory persistence techniques is already pretty long. This blog post adds another one to that list. The basic idea is this: Add a new Group Policy Preference (GPP) to an existing ... Sat, 29 Jun 2024 00:00:00 +0000 https://pentest.party/posts/2024/detecting-sandboxes-without-syscalls/ https://pentest.party/posts/2024/detecting-sandboxes-without-syscalls/ The PEB, TEB and KUSER_SHARED_DATA structs are mapped into the memory space of every process. They provide a wealth of information to the process and can be accessed without having to perform syscalls ... Fri, 19 Apr 2024 00:00:00 +0000 https://pentest.party/posts/2023/pwing-arcserve-backup-infrastructure/ https://pentest.party/posts/2023/pwing-arcserve-backup-infrastructure/ During a recent internal pentest I was asked to take a closer look at the customers backup infrastructure. In this blog post I will describe the attack path from domain user to full control over Arcse ... Fri, 25 Aug 2023 00:00:00 +0000