Wifi Feature Request: WPA handshakes

I have a bit of a feature request for all wireless assessment tools out there: Many times before arriving on site for an assessment, I’ll know the ESSIDs of a target wireless network for a client. Getting channels and BSSIDs isn’t usually an option. Also, many times during the assessment ...
CJ03 Solar Flare Pulling apart SolarWinds ORION Rob Fuller

Erlang Authenticated Remote Code Execution

Erlang is a programming language that I have tried to learn a few times in the past but never really dug in, that is, until recently. Erlang is an interesting language because it has “built-in concurrency, distribution, and fault tolerance”. To me, this means that it does job queuing and ...
Stealing Certificates with Apostille

At Def Con 26, @singe and @_cablethief gave a talk on enterprise wireless attacks. When its video is released you should check it out. During that talk, they quickly touched on a tool called “Apostille”, written by Rogan Dawes, another @Sensepost-er. It is essentially a certificate stealing (cloning? faking? ...
Pass the Hash with Kerberos

This blog post may be of limited use; most of the time that you have an NTLM hash you have the tools to use it. But, if you find yourself in a situation where you don’t have the tools and do have Kerberos tools, you can pass the hash with ...
Getting Hired: A Few Tips

In early August of 2017 I posted a few tips to Twitter regarding interviewing and getting hired in general. I’m pasting them here to preserve them. I only had 140 characters to make these, and I think there is a lot more you can do, but 30 tips is a ...