- Staying clean with Vagrant and Chef
Intro
I’ve recently been thinking about the most effective way to sanitize my pen-testing VM’s prior to the start of a new engagement. Reason being, pen-testing VM’s can be quite unsanitary if neglected.
Read More
- SLAE Assignment 5 - msfvenom Shellcode Analysis
SLAE Assignment Stub
This blog post has been created for completing the requirements of the SecurityTube Linux Assembly Expert certification.
Read More
- SLAE Assignment 7 - Crypters
SLAE Assignment Stub
This blog post has been created for completing the requirements of the SecurityTube Linux Assembly Expert certification.
Read More
- SLAE Assignment 6 - Polymorphic Shells
SLAE Assignment Stub
This blog post has been created for completing the requirements of the SecurityTube Linux Assembly Expert certification.
Read More
- SLAE Assignment 2 - Reverse TCP Shell
SLAE Assignment Stub
This blog post has been created for completing the requirements of the SecurityTube Linux Assembly Expert certification.
Read More
- SLAE Assignment 1 - Bind TCP Shell
SLAE Assignment Stub
This blog post has been created for completing the requirements of the SecurityTube Linux Assembly Expert certification.
Read More
- SLAE Assignment 3 - Egg Hunter
SLAE Assignment Stub
This blog post has been created for completing the requirements of the SecurityTube Linux Assembly Expert certification.
Read More
- SLAE Assignment 4 - Custom Encoder
SLAE Assignment Stub
This blog post has been created for completing the requirements of the SecurityTube Linux Assembly Expert certification.
Read More
- /bin/sh execve Stack
The execve SYSCALL
A useful SYSCALL that can help with executing a shell is
Read Moreexecve.
- Setting up BloodHound on Debian Jessie
Every year I usually flag some tools that I want to try when I get back home from hacker summer camp. Things end up getting hectic, life and work takes over, and a year later, my reminders auto-delete rules remove all traces of what was once recorded.
Read More
- Scheduling OSX tasks with launchd
Scheduling system tasks on OSX can be achieved with either with cron or launchd. At a first glance, it looks like launchd supersedes cron on OSX and when a job is created in cron, launchd actually does all the work.
Read More
- Steps to create an AWS hash cracking rig
A couple of months ago, I spun up an AWS hash cracking rig as part of a project I’ve been working on called Wordsmith.
Read More
- iOS Mobile App Testing 101: Intercepting and Observing Mobile Application Traffic
Establishing a Man-in-the-Middle (MitM) position can give you a great deal of insight into the various HTTP requests and API calls an iOS mobile application makes.
Read More
- Natively Keylogging *NIX Systems
I recently conducted a penetration test for a client that has rich *NIX environment. After obtaining user access to several workstations, it was apparent that access to the interesting areas of the network required retrieving clear text passwords from users password database files.
Read More
- Learning assembly, reverse engineering and preparing for the OSCE
It’s been some time since my last post so I thought I would share a quick update of what I’m up to.
Read More
- Fixing wmis in SprayWMI
I ran into an error with SprayWMI where wmis could not execute due issues with the system architecture, even though I am running an i386 version of Kali 2.
Read More
- Using Postfix and OSSEC to Monitor Your VPS or Production *NIX Systems
A few months ago I was experimenting with receiving custom alerts from my internet facing *NIX boxes. Some of the things I wanted to monitor in real-time (or close enough to) were successful SSH login attempts, sudo/privilege escalation alerts and new file creations. I wrote a few shell scripts that handled this for me and it ended up working pretty well.
Read More
- PWK Course and OSCP Exam Review
0x00 - Starting Off
The Offensive Security Certified Professional (OSCP) certification is by far the most challenging and the most rewarding achievement I have accomplished. For those of you who aren’t familiar with the OSCP, it is the worlds first completely hands on information security certificate. This means that there is no theory in this course, no study guide and no multiple choice exam. Instead, students are given access to the Penetration Testing with Kali (PWK) labs to develop their pen-testing skills before attempting to challenge the excruciatingly painful 24 hour OSCP exam. This is then followed by an additional 24 hours to compose and submit a formal penetration test report of the OSCP exam lab. But we’ll touch more on that later.
Read More
- bWAPP Walkthroughs
I had a really fun time testing the bWAPP web application modules created by Malik at MME IT.
Read More
- SQL Injection through HTTP Headers
A vulnerable web app that I have been enjoying recently is bWAPP. You should definitely check it out if you haven’t already.
Read More
- Linux Post Exploitation
Gathering useful information from Linux box after exploiting it can be a lengthily and tedious task. To help automate some of this process I’ve created a post exploitation script in bash which will gather most of the useful information for you. I still strongly suggest conducting a thorough manual investigation.
Read More
- Incident Response 101: Preserving Information
Often most people’s immediate response to a malware infection is to disconnect a host from the network. While this is a great precautionary action to prevent malware propagation, it destroys some valuable data that can be used for further investigations. This includes:
Read More
- Generating Revenue from Google AdSense
Recently I met with a friend who spoke about some people he knew generating large sums of money using a method which includes increasing views on YouTube videos. By no means am I advocating or endorsing this. I just think it would be interesting to look into as it has the potential to pose several security issues which we will get into later.
Read More
- Unencrypting strings using bash
As I mentioned in an earlier blog post, I’ve recently been messing around with various CTF challenges. Often, to advance to the next level you usually need to hunt for eggs which contain encrypted/encoded passwords.
Read More
- Capture all the flags
Recently I’ve been using some fantastic cloud based CTF resources in hopes of building my pen-testing skills. I thought I would share these resources with you guys, hopefully you can find as much use out of them as I did :)
Read More
- Hijacking sessions using socat
Recently I’ve been working through pentesterlabs exercises to learn a bit more about identifying and exploiting security flaws in web applications.
Read More
- Brushing Up On Web-App Pen Testing
An area of Security that I really want to build my skill in is Web Application testing. I’ve decided that over the course of this week I’m going to watch these excellent video’s on irongeek created by Jeremy Druin, Conrad Reynolds and Adrian Crenshaw. After that I’ll be creating some various attack scenarios in Mutillidae which is an intentionally vulnerable web application.
Read More
- The fastest way to delete a lot of records in a TSQL table.
This isn’t Security related research, but it could come in handy for anyone looking to delete a large amount of data from TSQL databases.
Read More
- Playing with CVE-2013-3893 in Metasploit
Here’s a quick write up about using the new ie_setmousecapture_uaf exploit in Metasploit. This was done in a test environment within my Security lab.
Read More
- Understanding Rootkits
Sorry about the lack of updates, I have been enjoying my time off after being approved for graduation.
Read More
- A Detailed Exploration of Polymorphic Malwares
Sorry about the lack of updates, I have been enjoying my time off after being approved for graduation.
Read More
- Red Hat Internship Exposition
For the past 3 months I have been fortunate enough to work as an intern at Red Hat.
Read More
- Video Tutorials
I thought I would share some of my previous video tutorials that I have made for academic purposes.
Read More