Iterative DNS Brute Forcing
Everyone has their list of hostnames they brute force domains with. In my last post I even mentioned a few ways to use one with XARGS or PARALLEL. But one fact about wordlist brute forcing is that...
Executing code via SMB / DCOM without PSEXEC
PSEXEC has been a staple for Windows post exploitation pivoting and system administration for a long while. The basic premise of how all “psexec” tools work is: (Optional) Upload a service executable...
Dumping NTDS.dit domain hashes using Samba
So there was this blog post talking about a number of ways to dump Windows credentials by @lanjelot [definitely someone to follow] – here:...
CCDC Red Teamer's Creed
This is my box. There are many like it, but they are all mine. My malware is my best friend. It is my life. I must master it as I must master my life. My malware, without me, is useless. Without my...
Installing PyCrypto on OSX Mavericks
Keeping it here for notes and just in case anyone else runs into this same issue.
brew install pip
sudo ARCHFLAGS=-Wno-error=unused-command-line-argument-hard-error-in-future pip install pycrypto
If you...
Effective NTLM / SMB Relaying
SMB Relay has been around for a long while. I even have a post about using it along with LNK files here: MS08-068 + MS10-046 = Fun until 2018. Here is the problem though. Most of the tools to exploit it...
Go home InfoSec, you're drunk
Let me start off by saying this post is easy for me to write in one facet as I’ve never been a heavy drinker or much enjoyed the taste of alcohol. So if you need a reason to disregard what I say next,...
Why good leaders make you feel safe
This talk really touched home with me and I wanted to share it, and not just because he talked about Marines. ;–) Forward this talk on to your fellow employees, boss, etc.
The Internet's Own Boy
Anyone who knows me knows that I live in a tiny world of offensive security, so much so that I miss large world events entirely. (Like elections and hurricanes.) I didn’t know Aaron Swartz, or even 1% of...
Milkman: Creating processes as any currently logged in user
One of the problems with using PSEXEC from Metasploit (any of the psexec modules) is that it runs as SYSTEM. What’s the problem with that? Isn’t SYSTEM god mode? Ya, and normally I’d agree that it’s...
OSX Persistence via PHP Webshell
As I learn more and more about OSX I find things that surprise me. For instance, in this post I will be showing you how to, with root or sudo privilege, enable the built-in apache server on OSX and...
Full Disclosure - SingleClick Connect
Update: I originally posted this to the Full Disclosure mailing list but for some reason it wasn’t accepted via the moderator so I’m posting it here. First, so that the information does get out there,...
Powershell Popups + Capture
Metasploit Minute has entered into its 3rd “season”. And we kick it off with using the Metasploit capture modules to capture creds from this powershell popup. The cool thing about this is you can...
2015 ShmooCon Hiring
It’s often tough for both hirers and job hunters to find one another at conferences. I think this is mostly because of a couple of things. No one wants to stand at a booth on either side and talk job stuff...
pfSense without Internets
A while back I needed to set up a pfSense box for CTF/example stuff that didn’t and wouldn’t ever have Internet connectivity. Doesn’t seem like much of a task right? Just pop it in and go. Problem is...