

Posts

  • Wifi Feature Request: WPA handshakes

    Oct 14, 2018

    I have a bit of a feature request for all wireless assessment tools out there: Many times before arriving on site for an assessment, I’ll know the ESSIDs of a target wireless network for a client. Getting channels and BSSIDs isn’t usually an option. Also, many times during the assessment I’m performing there are physical aspects to it, like guards or cameras, so sitting down in the lobby and typing out commands to De-auth that client or BSSID isn’t really great OPSEC.

  • Erlang Authenticated Remote Code Execution

    Sep 15, 2018

    Erlang is a programming language that I have tried to learn a few times in the past but never really dug into, that is, until recently. Erlang is an interesting language because it has “built-in concurrency, distribution, and fault tolerance”. To me, this means that it does job queuing and distributed tasks right out of the gate. A little bit of history: I first started digging into Erlang again from an attacker’s point of view at BSides Philadelphia 2016, where I talked about SolarWinds ORION.

  • 2018 KiwiCon Hiring List

    Sep 9, 2018

    Created the 2018 UNOFFICIAL Kiwicon Hiring List. To get on the list is even easier now! Just complete the following form: https://goo.gl/forms/hfftscOGBWp14Ust1 (One small tip: first come, first served, so if you want to be at the top of the list it’s best to submit the best info you have rather than waiting on anyone. I don’t change the list order for anyone.) Direct Link to the Hiring List Google Doc: https://docs.

  • 2018 DerbyCon Hiring List

    Sep 1, 2018

    Created the 2018 UNOFFICIAL DerbyCon Hiring List. To get on the list is even easier now! Just complete the following form: https://goo.gl/forms/K6kfOY5dHH6lcQm63 (One small tip: first come, first served, so if you want to be at the top of the list it’s best to submit the best info you have rather than waiting on anyone. I don’t change the list order for anyone.) Direct Link to the Hiring List Google Doc: https://docs.

  • Stealing Certificates with Apostille

    Aug 26, 2018

    At Def Con 26, @singe and @_cablethief gave a talk on enterprise wireless attacks. When its video is released you should check it out. During that talk, they quickly touched on a tool written by Rogan Dawes, another @Sensepost-er, called “Apostille”. It is essentially a certificate stealing (cloning? faking? doppelganger-ing?) tool. However, that oversimplifies what it does. To be more accurate, Apostille generates a clone of the certificate chain, identical in as many details as possible, apart from the actual key values.

  • 2018 BH/DC/BSidesLV Hiring List

    Jul 27, 2018

    Created the 2018 UNOFFICIAL BlackHat, DEF CON, BSidesLV Hiring List. To get on the list is even easier now! Just complete the following form: https://goo.gl/forms/dIjQHTPLk7ZYyv5D2 (One small tip: first come, first served, so if you want to be at the top of the list it’s best to submit the best info you have rather than waiting on anyone. I don’t change the list order for anyone.) Direct Link to the Hiring List Google Doc: https://docs.

  • Pass the Hash with Kerberos

    Jul 24, 2018

    This blog post may be of limited use: most of the time, when you have an NTLM hash, you also have the tools to use it. But if you find yourself in a situation where you don’t have those tools and do happen to have Kerberos tools, you can pass the hash with them. Let’s say we have the NTLM hash for the user uberuser and the hash is 88e4d9fabaecf3dec18dd80905521b29. The first step is to create a keytab file using ktutil:

  • Getting Hired: A Few Tips

    Jul 22, 2018

    In early August of 2017 I posted a few tips to Twitter regarding interviewing and getting hired in general. I’m pasting them here to preserve them. I only had 140 characters to make each of these, and I think there is a lot more you can do, but 30 tips is a good start. Don’t post obvious CFAA violations to social media. If you go in without a job and a chip on your shoulder, you’ll leave the same way. If you don’t ask follow-up questions, I won’t have any either, like “would you like the job?

  • A Few Changes

    Jul 9, 2018

    For nearly a year I left a CoinHive miner up on the blog so that people who didn’t feel like, or couldn’t afford, another way to support the blog could do so via a bit of CPU power. Unfortunately, during that time lots of malware started to use services like CoinHive, and I quickly started receiving warnings that my site had been “hacked” or was showing up as malicious (har har).

  • 2018 ShmooCon Hiring List

    Dec 28, 2017

    Created the 2018 UNOFFICIAL ShmooCon Hiring List. To get on the list is even easier now! Just complete the following form: https://goo.gl/forms/aDRYaH5wubSqWcUk1 (One small tip: first come, first served, so if you want to be at the top of the list it’s best to submit the best info you have rather than waiting on anyone. I don’t change the list order for anyone.) Direct Link to Google Doc: https://docs.google.com/spreadsheets/d/10BXjzS1KsaWFkQkAjlox3Chrk5wD1lgUf1RWi50Jiso/
