Wifi Feature Request: WPA handshakes
I have a bit of a feature request for all wireless assessment tools out there: Many times before arriving on site for an assessment, I’ll know the ESSIDs of a target wireless network for a client. Getting channels and BSSIDs isn’t usually an option. Also, many times during the assessment ... Read More
Erlang Authenticated Remote Code Execution
Erlang is a programming language that I have tried to learn a few times in the past but never really dug in, that is, until recently. Erlange is an interesting language because it has “built-in concurrency, distribution, and fault tolerence”. To me, this means that it does job queing and ... Read More
Stealing Certificates with Apostille
At Def Con 26, @singe and @_cablethief gave a talk on enterprise wireless attacks. When it’s video is released you should check it out. During that talk, they quickly touched on a tool written by Rogan Dawes another @Sensepost-er’s tool called “Apostille”. It is esentially a certificate stealing (cloning? faking? ... Read More
Pass the Hash with Kerberos
This blog post may be of limited use, most of the time that you have a NTLM hash you have the tools to use it. But, if you find yourself in a situation where you don’t have to tools and do have kerberos tools, you can pass the hash with ... Read More
Getting Hired: A Few Tips
In early August of 2017 I posted a few tips to Twitter regarding interviewing and getting hired in general. I’ pasting them here to preserve them. I only had 140 characters to make these, and I think there is a lot more you can do, but 30 tips is a ... Read More
2018 ShmooCon Hiring List
Created the 2018 UNOFFICIAL ShmooCon Hiring List. To get on the list is even easier now! Just complete the following form: https://goo.gl/forms/aDRYaH5wubSqWcUk1 (One small tip, first come first serve, so if you want to be on the top of the list it’s best to submit the best info you have ... Read More