Tiger Scheme Check Team Member Exam - A review of the Check Team Member exam.
How I got involved in yet another new project, this time the PenTester Scripting community wiki
A story of how a friend's Christmas generosity in sharing his backup plan resulted in his files being accessible to all of his family.
I've just got back from BruCON 2012 where I started the week with the Corelan Live - Win32 Exploit Development Bootcamp. A lot of people asked about the course and what it covered so I've put this together.
Do you know what the VM or live CD you have just downloaded really contains and if you don't, how do you find out?
HTTP banner grabbing beyond the root: where do you do your web banner grabbing?
I've been meaning to build a ModSecurity lab for a while and seeing as I had some free time I decided it was about time to do it and to document it for everyone to share. The lab I built uses an up-to-date version of ModSecurity with a rule set taken from the SpiderLabs github repo and, so there is something to attack, I've included DVWA.
I'm going to be doing some AP testing and this is a small part of the collection.
The second part of my introduction to using ZAP to test WebSockets, this part focuses on fuzzing.
The following article is part two of my introduction to ZAP and testing WebSockets; in this episode I'll cover fuzzing. If you've not used ZAP before I suggest you look at some of the official tutorials first, on the ZAP home page and in the videos. You can find the first part here: OWASP ZAP and Web Sockets. The testing is being done against a small WebSockets-based app I wrote called SocketToMe, which has a few published services along with a few unpublished ones. In this article we are going to look at one of the published ones and try to identify some of the unpublished ones. The first feature I'll investigate is the number guessing game: the system picks a random number between 1 and 100 and you have to guess it. I'm going to cheat and see if I can get ZAP to play all 100 numbers for me to go for a quick win.
This Micro SD reader is so small it is only just larger than the USB connector it is built on
This scan result beats any I've seen from Nessus, Nikto or Nmap. I'm going to be a daddy!
A look at what files are good to try to read when all you have is read only access to a machine, i.e. no directory listing ability.
Double tunnels to help a colleague in distress - Setting up SSH tunnels to allow external access to an internal network.
Twofi takes keywords and usernames and collects tweets based on these terms. It then extracts individual words and uses them to create a custom word list.
A Meterpreter script to download wireless profiles from Windows 7 and Vista boxes.
The Trojan in your pocket - Do you know what your phone is doing?
Hostapd was recently updated to version 1.0 so I've brought the Karma patches up-to-date. This release contains a fully patched source tarball and a patch file if you want to apply it to your own source. I've also added a mention of the hostapd_cli app which you can use to control hostapd once it is running.
A Pipal analysis of the recent Tesco password disclosure.
A worked example of using Burp Suite macros and session handling.
A Metasploit module to accompany my blog post on finding interesting data in MSSQL databases.
Setting up a RIPv1 lab in GNS3 and then exploiting it to poison routes between two machines.
In this lab I'm going to look at RIPv1, probably the most basic routing protocol. As with the VLAN labs I'm building this one in GNS3 and linking it to a VirtualBox machine running Debian. The plan is to build a network with three routers all using RIP to sync their routing information. I'll then use the attacking box to inject a fake route into the network and so divert traffic away from its real target. If you are not familiar with RIP, it is a hop-based system: each router crossed counts as one hop, and traffic is routed over the path with the fewest hops.
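As an added example of the mechanics behind the attack (not the lab's own code), the following builds and parses RIPv1 response packets in the RFC 1058 wire format and applies them to a small route table using RIP's own update rule. The neighbour addresses are made up for the example and nothing is sent on the wire. The point it demonstrates is why the injection works: RIPv1 carries no authentication, so a router accepts a response from any host on the segment, and a lower advertised metric simply replaces the legitimate route.

```python
"""RIPv1 (RFC 1058) response builder/parser and a minimal route table.
Added example for the route-poisoning lab; not the lab's own code.
Packets are built in memory only."""
import socket
import struct

RIP_RESPONSE = 2
RIP_INFINITY = 16                    # metric 16 means unreachable
AF_INET = 2
HEADER = struct.Struct("!BBH")       # command, version, must-be-zero
ENTRY = struct.Struct("!HHIIII")     # family, zero, address, zero, zero, metric


def build_response(routes):
    """routes: iterable of (dotted network, metric). Returns the raw bytes a
    RIPv1 speaker would broadcast to UDP/520."""
    pkt = HEADER.pack(RIP_RESPONSE, 1, 0)
    for net, metric in routes:
        if not 1 <= metric <= RIP_INFINITY:
            raise ValueError("RIP metric must be 1..16")
        addr = struct.unpack("!I", socket.inet_aton(net))[0]
        pkt += ENTRY.pack(AF_INET, 0, addr, 0, 0, metric)
    return pkt


def parse_response(data):
    """Return [(network, metric), ...] from a RIPv1 response, skipping
    entries whose address family is not AF_INET."""
    cmd, ver, _ = HEADER.unpack_from(data, 0)
    if cmd != RIP_RESPONSE or ver != 1:
        raise ValueError("not a RIPv1 response")
    body = data[HEADER.size:]
    if len(body) % ENTRY.size:
        raise ValueError("truncated route entry")
    routes = []
    for off in range(0, len(body), ENTRY.size):
        family, _, addr, _, _, metric = ENTRY.unpack_from(body, off)
        if family == AF_INET:
            routes.append((socket.inet_ntoa(struct.pack("!I", addr)), metric))
    return routes


class RipTable:
    """dest -> (metric, next_hop), updated per RFC 1058 section 3.4.2:
    the metric we see is advertised + 1 (capped at 16); a route is installed
    if the destination is new, the new metric is lower, or the update comes
    from the neighbour we already use (it may be reporting a worse metric).
    Nothing in this logic checks who the neighbour is."""

    def __init__(self):
        self.routes = {}

    def process(self, neighbour, data):
        for dest, adv in parse_response(data):
            metric = min(adv + 1, RIP_INFINITY)
            cur = self.routes.get(dest)
            if cur is None or metric < cur[0] or cur[1] == neighbour:
                if metric < RIP_INFINITY:
                    self.routes[dest] = (metric, neighbour)
                else:
                    self.routes.pop(dest, None)   # route withdrawn

    def next_hop(self, dest):
        return self.routes[dest][1]

    def metric(self, dest):
        return self.routes[dest][0]


if __name__ == "__main__":
    # Made-up addresses: a legitimate router and an attacker on the same LAN.
    t = RipTable()
    t.process("192.168.1.1", build_response([("10.0.0.0", 2)]))
    print("before:", t.routes)
    t.process("192.168.1.66", build_response([("10.0.0.0", 1)]))
    print("after: ", t.routes)
```

The attacker only has to advertise a metric lower than the one currently installed; the victim's table does the rest. The mitigation is the one RIPv1 cannot offer: use RIPv2 with authentication, or a protocol with authenticated neighbours, and filter routing traffic at the access layer.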
Handle alerts generated by Kismet Newcore in OSSEC.
ivMeta is based on information in . It will attempt to pull the following bits of information from an iPhone video:
* Maker - should always be Apple
* iOS software version
* Date the video was taken
* GPS co-ords where the video was taken
* Model of phone
Running a Nessus scan through a Meterpreter pivot using a SOCKS4 Proxy.
It is generally accepted that most passwords in common use are based on dictionary words; however, some people decide to use keyboard patterns instead, and to try to spot these I've created Passpat. Passpat uses data files containing the layouts of common keyboards to walk each word through the keyboard and score the word based on how close it is to being a pattern. For now I'm taking a pattern to mean keys which are next to each other; while qpalzm is a pattern, picking something like that up is currently out of the scope of this project.
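Here is an added example of the scoring idea described above, written for this page rather than taken from Passpat: keys on a US QWERTY layout get physical coordinates, two keys are neighbours if they are at most one row and roughly one key width apart, and a word's score is the fraction of its consecutive key transitions that land on a neighbour. The row stagger offsets and the 0.8 threshold are assumptions chosen for the example, and only one layout is included.

```python
"""Score passwords on how closely they follow a walk across the keyboard.
Added example; not Passpat's own code or scoring formula."""

# Each row: (unshifted keys left to right, shifted keys, x offset of first key).
# Offsets approximate the physical stagger of a US QWERTY keyboard.
# Shifted symbols share the coordinates of their unshifted key.
QWERTY_ROWS = [
    ("`1234567890-=", "~!@#$%^&*()_+", 0.0),
    ("qwertyuiop[]\\", "QWERTYUIOP{}|", 1.5),
    ("asdfghjkl;'", "ASDFGHJKL:\"", 1.75),
    ("zxcvbnm,./", "ZXCVBNM<>?", 2.25),
]


def key_coordinates(rows=QWERTY_ROWS):
    """Map every character to an (x, y) position on the layout."""
    coords = {}
    for y, (plain, shifted, offset) in enumerate(rows):
        for x, (p, s) in enumerate(zip(plain, shifted)):
            coords[p] = coords[s] = (x + offset, y)
    return coords


COORDS = key_coordinates()


def adjacent(a, b, coords=COORDS):
    """True if keys a and b are physical neighbours. A repeated key counts
    ('qqqq' is a pattern too); characters not on the layout never match."""
    if a not in coords or b not in coords:
        return False
    (x1, y1), (x2, y2) = coords[a], coords[b]
    return abs(x1 - x2) <= 1 and abs(y1 - y2) <= 1


def pattern_score(word, coords=COORDS):
    """Fraction of consecutive transitions that stay on neighbouring keys:
    1.0 is a pure walk across the keyboard, 0.0 has no adjacent steps."""
    if len(word) < 2:
        return 0.0
    steps = list(zip(word, word[1:]))
    hits = sum(adjacent(a, b, coords) for a, b in steps)
    return hits / len(steps)


def is_pattern(word, threshold=0.8):
    """Threshold is an assumption for this example; tune it on real data."""
    return pattern_score(word) >= threshold


if __name__ == "__main__":
    for w in ["qwerty", "1qaz2wsx", "password", "QwErTy", "abc"]:
        print(f"{w:10s} {pattern_score(w):.2f} {'pattern' if is_pattern(w) else ''}")
```

Because shifted and unshifted characters share a position, mixed-case walks like QwErTy and symbol walks like !qaz score as highly as their lower-case forms, which is what you want when the aim is to flag the pattern rather than the exact string.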
My opinion on the eBay password reset policy - no pasting and 20 character caps are bad.
KreiosC2 can now channel data over TinyURL and JPEG as well as the original Twitter.