Monthly Archives: June 2017

Phishing via inbox Rules

June 21, 2017

During a recent pentest on a small business, gains into the client network were made via a flaw in the customers public website; however once innogen managed to traverse from the webserver to an internal employee host it became clear that there was some work to be done in order to escalate to a more trusted user account. After a day of looking at escalation areas via internal services and appli…   [...]