Quantcast
Browsing all 1156 articles
Browse latest View live

Image may be NSFW.
Clik here to view.

2017 GrrCon Hiring List

Created the 2017 UNOFFICIAL GrrCon Hiring List. To get on the list is even easier now! Just complete the following form: https://goo.gl/forms/ddfN6gHPbCJweGUw2 (One small tip, first come first serve,...

View Article


Image may be NSFW.
Clik here to view.

Open Source Pentesting

My talk today at Wild West Hacking Fest was about some documents that I released here. I’ll make this blog post more indepth later but for right now I wanted to get the slides out. (If you can’t access...

View Article


Image may be NSFW.
Clik here to view.

2018 ShmooCon Hiring List

Created the 2018 UNOFFICIAL ShmooCon Hiring List. To get on the list is even easier now! Just complete the following form: https://goo.gl/forms/aDRYaH5wubSqWcUk1 (One small tip, first come first serve,...

View Article

Image may be NSFW.
Clik here to view.

A Few Changes

For nearly a year I left a CoinHive miner up on the blog so that people that didn’t feel like or couldn’t afford a way to support the blog could do so via a bit of CPU power. Unfortunately during that...

View Article

Image may be NSFW.
Clik here to view.

Getting Hired: A Few Tips

In early August of 2017 I posted a few tips to Twitter regarding interviewing and getting hired in general. I’ pasting them here to preserve them. I only had 140 characters to make these, and I think...

View Article


Image may be NSFW.
Clik here to view.

Pass the Hash with Kerberos

This blog post may be of limited use, most of the time, when you have an NTLM hash, you also have the tools to use it. But, if you find yourself in a situation where you don’t have the tools and do...

View Article

Image may be NSFW.
Clik here to view.

2018 BH/DC/BSidesLV Hiring List

Created the 2018 UNOFFICIAL BlackHat, DEF CON, BSidesLV Hiring List. To get on the list is even easier now! Just complete the following form: https://goo.gl/forms/dIjQHTPLk7ZYyv5D2(One small tip, first...

View Article

Image may be NSFW.
Clik here to view.

Stealing Certificates with Apostille

At Def Con 26, @singe and @_cablethief gave a talk on enterprise wireless attacks. When it’s video is released you should check it out.During that talk, they quickly touched on a tool written by Rogan...

View Article


Image may be NSFW.
Clik here to view.

2018 DerbyCon Hiring List

Created the 2018 UNOFFICIAL DerbyCon Hiring List. To get on the list is even easier now! Just complete the following form: https://goo.gl/forms/K6kfOY5dHH6lcQm63(One small tip, first come first serve,...

View Article


Image may be NSFW.
Clik here to view.

2018 KiwiCon Hiring List

Created the 2018 UNOFFICIAL KiwiCon Hiring List. To get on the list is even easier now! Just complete the following form: https://goo.gl/forms/hfftscOGBWp14Ust1(One small tip, first come first serve,...

View Article

Image may be NSFW.
Clik here to view.

Erlang Authenticated Remote Code Execution

Erlang is a programming language that I have tried to learn a few times in the past but never really dug in, that is, until recently.Erlange is an interesting language because it has “built-in...

View Article

Image may be NSFW.
Clik here to view.

Wifi Feature Request: WPA handshakes

I have a bit of a feature request for all wireless assessment tools out there:Many times before arriving on site for an assessment, I’ll know the ESSIDs of a target wireless network for a client....

View Article

Image may be NSFW.
Clik here to view.

2019 ShmooCon Hiring List

Created the 2018 UNOFFICIAL ShmooCon Hiring List. To get on the list is even easier now! Just complete the following form: https://goo.gl/forms/I4sbeEpxMwNI6qn33(One small tip, first come first serve,...

View Article


Image may be NSFW.
Clik here to view.

VulnReport Install

A co-worker referenced a pretty cool tool released by @SalesForce’s security team called “VulnReport“I wanted to try it out so I checked out their Github report to start the install:...

View Article

Image may be NSFW.
Clik here to view.

Reset AD user password with Linux

Image showing how to allow users to be able to reset user passwordsDisclaimer: If you are here because you are a helpdesk person, this is a pentest blog, so it’s coming from the mindset of a pentester,...

View Article


Image may be NSFW.
Clik here to view.

Dynamic DNS Update Module

“Secure” DNS updates is the default in Windows, but there is an option to allow “Nonsecure” updates. I have seen this changed when non-Windows DHCP servers are used (eg Access Points), this opens a...

View Article

Image may be NSFW.
Clik here to view.

Security Affairs Questions

Soon after I blogged about the “Snagging Creds from Locked Machines” and it went a bit viral for a day, Pierluigi Paganini from SecurityAffairs.co asked me some great questions, that I failed to answer...

View Article


Image may be NSFW.
Clik here to view.

Dump LAPS passwords with ldapsearch

If you’ve ever been pentesting an organization that had LAPS, you know that it is the best solution for randomizing local administrator passwords on the planet. (You should just be leaving them...

View Article

Image may be NSFW.
Clik here to view.

2017 DerbyCon Hiring List

Created the 2017 UNOFFICIAL DerbyCon Hiring List. To get on the list is even easier now! Just complete the following form: https://goo.gl/forms/vyqVHjZkxE4WhA9X2(One small tip, first come first serve,...

View Article

Image may be NSFW.
Clik here to view.

Automatically deleting old Gmail email

Like many of you I’m a gmail hoarder. I never deleting anything, just “archive” everything. I “might” need it later, or “I’ll get to it when I have time”. If we get really honest with ourselves, we...

View Article
Browsing all 1156 articles
Browse latest View live