New to reversing? The differences between IDA Pro, ImmDBG and OllyDBG

Introduction: In this blog post we will look at some of the differences between several of the most widely used debuggers/disassemblers. This post is by no means exhaustive. It is meant as a brief overview to give people new to reversing a “quick start” guide. If there is anything ... Read More

Network Pentest Lab

Remember those good ole days in the sandbox? Where you threw stuff around, learned where the sand goes and… doesn’t go? Well, we’ve graduated from the sandbox, but our hearts and minds are still wired to play there. Maybe that’s why we love offsec. Let’s get to the point though… ... Read More

Metasploit Buyout

Today HD Moore and Rapid7 announced that Rapid7 has purchased the Metasploit Framework Project. The speculation around this has taken the pentest and vulnerability scanning community by storm. After talking with some colleagues I have come up with the following. Here are some things you should know: First, be happy for ... Read More

Hacking with your Browser

Today I rebuilt my Windows 7 partition. Amidst the flurry of backing up I forgot to save my Firefox profiles. I figured this was a good time to review what I use addons-wise for all my day-to-day hacking needs. First things first, most of these addons will have compatibility ... Read More

Password Attacks – Saving Time for the Fun Stuff

Pentesters love passwords. It’s great for us that the keys to the kingdom lie in something the user usually chooses and most often chooses insecurely. Wikipedia tells us that “A password is a secret word or string of characters that is used for authentication, to prove identity or gain access ... Read More

esearchy – my new favorite OSINT script

So you’re on a social engineering test… and you need to target some users for spear phishing. Previously we’ve used theHarvester and Metasploit for this, but I’ve now fully switched over to esearchy by Matias P. Brutti. Install on BT5: Let’s Pick on Valve (for no particular reason): Output for ... Read More

Easy, breezy, beautiful, password attacking…

Bruting web forms usually is part of a web app assessment. We love to use Hydra, Medusa, or Wfuzz for this but we recently stumbled across a tool that makes it much easier. It’s called Fireforce. It’s a Firefox extension that gives you point and click bruting. We ran it in ... Read More

Defeating iOS Jailbreak Detection

This blog is a cursory breakdown of defeating less advanced jailbreak detection code. There are several ways to employ jailbreak detection in a security-conscious mobile application. Many of the easier-to-defeat methods involve checking the iOS file system to see if any jailbreak-relevant files exist. If we need to test an application that employs this type of ... Read More

Bypassing web application firewalls using HTTP headers

Web application firewalls (WAFs) are part of the defense in depth model for web applications. While not a substitute for secure code, they offer great options for filtering malicious input. Below is a story from a real assessment where an enterprise deployment of such a device was vulnerable to being ... Read More

Advanced Penetration Testing (APT) – Pentesting High Security Environments by LSO

You think you’ve come, you’ve seen, and you’ve conquered all the training in the pentest field? Think again. J0e McCray, Learn Security Online creator, has brewed up a new course to address the needs of the upper echelon of pentest monkeys out there. If you don’t know j0e from ... Read More