Clik here to view.
Go Home InfoSec, You're Drunk
Let me start off by saying this post is easy for me to write in one facet as I’ve never been a heavy drinker or much enjoyed the taste of alcohol. So if you need a reason to disregard what I say next,...
View ArticleClik here to view.
Why Good Leaders Make You Feel Safe
This talk really touched home with me and I wanted to share it, and not just because he talked about Marines. ;–)Forward this talk on to your fellow employees, boss, etc.
View ArticleClik here to view.
The Internets Own Boy
Anyone who knows me knows that I live in a tiny world of offensive security, so much so that I miss large world events entirely. (Like elections and hurricanes)I didn’t know Aaron Swartz, or even 1% of...
View ArticleClik here to view.
Milkman: Creating Processes as Any Currently Logged in User
One of the problems with using PSEXEC from Metasploit (any of the psexec modules) is that it runs as SYSTEM. What’s the problem with that? Isn’t SYSTEM god mode? Ya, and normally I’d agree that it’s...
View ArticleClik here to view.
OSX Persistence via PHP Webshell
As I learn more and more about OSX I find things that surprise me. For instance, in this post I will be showing you how to, with root or sudo privilege, enable the built-in apache server on OSX and...
View ArticleClik here to view.
Full Disclosure - SingleClick Connect
Update:I originally posted this to the Full Disclosure mailing list but for some reason it wasn’t accepted via the moderator so I’m posting it here. First, so that the information does get out there,...
View ArticleClik here to view.
Powershell Popups + Capture
Metasploit Minute has entered into it’s 3rd “season”. And we kick it off with using the Metasploit capture modules to capture creds from this powershell popup. The cool thing about this is you can...
View ArticleClik here to view.
2015 ShmooCon Hiring
It’s often tough from both hiring and job hunters to find one another at conferences. I think this is mostly because of a couple things.No one wants to stand at a both on either side and talk job stuff...
View ArticleClik here to view.
pfSense Without Internets
A while back I needed to set up a pfSense box for CTF/example stuff that didn’t and wouldn’t ever have Internet connectivity. Doesn’t seem like much of a task right? Just pop it in and go. Problem is...
View ArticleClik here to view.
Back to Blogger
I've had my fare share of "trying new things" after SquareSpace . I tried Ghost, Octopress, Wordpress, and about 30 others in between. All the blogging platforms I tried had some major issues that I...
View ArticleClik here to view.
Tres Lessons from Pied Piper Delete Key Hack
The teflon crew at Pied Piper suffered quite a bit during Season 2 of SILICON VALLEY. But there was no greater indignity than being brought to their knees by a tequila bottle.Since episode eight “White...
View ArticleClik here to view.
2015 DerbyCon Hiring
It’s often tough from both hiring and job hunters to find one another at conferences. I think this is mostly because of a couple things.No one wants to stand at a both on either side and talk job stuff...
View ArticleClik here to view.
Using Domain Controller Account Passwords to HashDump Domains
Since I follow both +Carlos Perez and +Benjamin Delpy on Twitter, something caught my eye on August 2nd, soon after +Benjamin Delpy drops...
View ArticleClik here to view.
Get PasswordLastSet time for Domain Controller accounts
AKA - ROB WRITES POWERSHELL!!Yesterday I posted a way to dump hashes using a Domain Controller account. But how do you know which account to use? And when was it's password last set? net user...
View ArticleClik here to view.
Hacking Advice for @krystropolis
Today I was asked by @Krystropolis for a "Hello" and maybe some hacking advice, see tweet:I thought about it on my entire 1 hour drive home from just turning in my badge and laptop from a big...
View ArticleClik here to view.
Hiding desktop icons for presentations on OSX
If you found this post via a search, you are probably like me, "not great" at keeping your desktop clear "stuff" (you probably have a 'stuff' folder you once put stuff in and forgot about). If you are,...
View ArticleClik here to view.
DotNet's DNVM for Persistence on Developer Machines
One of the best resources for persistence mechanisms is Hexacorn's blog.http://www.hexacorn.com/blog/category/autostart-persistence/If you haven't checked out his "Beyond good ol' Run key" (linked...
View ArticleClik here to view.
R5 Industries
I recently took the plunge and joined a startup called R5 Industries. I wanted to say thanks for all the well wishes that I received on social media. It has certainly calmed my nerves about the choice...
View ArticleClik here to view.
Time
Time is a one-time non-renewable precious resource you are given. It is ok to be greedy, selective, and even snobbish about how, and with whom you spend it. If it helps, think of your time as a vault,...
View ArticleClik here to view.
Meterpreter show_mount
Meterpreter’s STDAPI extension (the one that always gets loaded) has a new command. This doesn’t happen very often so it’s worth noting.The new command prints out the currently attached “mounts”. In...
View Article