
Wifi Feature Request: WPA handshakes
I have a bit of a feature request for all wireless assessment tools out there: many times before arriving on site for an assessment, I’ll know the ESSIDs of a target wireless network for a client. Getting channels and BSSIDs isn’t usually an option. Also, many times during the assessment ...

Erlang Authenticated Remote Code Execution
Erlang is a programming language that I have tried to learn a few times in the past but never really dug into, that is, until recently. Erlang is an interesting language because it has “built-in concurrency, distribution, and fault tolerance”. To me, this means that it does job queuing and ...

Stealing Certificates with Apostille
At Def Con 26, @singe and @_cablethief gave a talk on enterprise wireless attacks. When its video is released you should check it out. During that talk, they quickly touched on a tool written by Rogan Dawes, another @Sensepost-er, called “Apostille”. It is essentially a certificate stealing (cloning? faking? ...

Pass the Hash with Kerberos
This blog post may be of limited use; most of the time that you have an NTLM hash you have the tools to use it. But if you find yourself in a situation where you don’t have the tools and do have Kerberos tools, you can pass the hash with ...

Getting Hired: A Few Tips
In early August of 2017 I posted a few tips to Twitter regarding interviewing and getting hired in general. I’m pasting them here to preserve them. I only had 140 characters to make these, and I think there is a lot more you can do, but 30 tips is a ...