Penetration Testing Lab Whether you have a fully virtual organisation consisting of several different machines or the odd virtualised box you’re using to explore or freshen up on certain skills. They’re great fun and an asset to any security tester. Having your own lab is a great way to perform […]
Wardriving was once a really popular sport, I myself loved mapping new areas with my trusty Orinco Gold Card. I’m not sure how popular it is these days but I thought I’d write this guide as I came across my GPS dongle and got set it up in Kali Rolling. […]
I was performing some penetration tests in 2011 – 2012 against various PHP applications integrated with MySQL databases which were vulnerable to Time Based Blind SQL Injection. Due to various constraints and limitations, exploitation was a little tricky and I was forced to investigate a method which allowed me to […]
Building on from my previous post, this will primarily focus on delivering an Empire payload via an embedded offensive PowerShell script stored within the ‘comments’ property of an MS Excel document. PowerShell Empire: Begin by creating an Empire listener, see Empire’s documentation on how to get started with this by […]
As a penetration tester I’m always excited to see new and creative methods on creating weaponized MS Office documents. This blog post builds on the following findings published by Black Hills InfoSec: https://www.blackhillsinfosec.com/hide-payload-ms-office-document-properties/ There are numerous ways on how MS Office documents can be abused and weaponised to deliver […]
What’s YANP I hear you ask? YANP stands for “Yet Another Nessus Parser” written by Alessandro Di Pinto and I’m over the moon that I found it. I’ll tell you why. Getting all the IP addresses and ports together from Nessus to stick them into other tools such as TestSSL.sh […]
Intro I have had a few people over the last couple of months asking me how to get Bloodhound up and running after I had sung its praise since seeing the “Six Degrees to Domain Admin” video from BSIDES Las Vegas. If you still haven’t seen the video I am […]
[su_heading align=”left”]This walk through assumes you know a thing or two and won’t go into major detail. After all it’s meant for fellow researchers and penetration testers.[/su_heading] Findings so far… Findings from using these tools are the following so far [su_note]The default process that Doublepulsar injects into is ‘lsass’ It […]
Even though this vulnerability was detected back in 2015 I am only starting to notice it popping up on engagements more frequently. CVE-2015-8103 – Jenkins CLI – RMI Java Deserialization allows remote attackers to execute arbitrary code via a crafted serialized Java object. Apparently, according to Foxglove security Jenkins and […]
So… you’ve just setup a shiny new server and you want to take measures to keep the bad guys out? Well, here I will give you a few tips on how to do just that. This guide was written with CentOS 7.1 in mind but other up-to-date variants such as […]