Lately I've been doing more Open Source Intelligence (OSINT) work where I look on the Internet for information about a subject and then compile it into a dossier. They can be very powerful and present a compelling picture. I gave "Running away from Security" talks at both BSidesCharm and BSidesBoston this year (and at CircleCityCon next week)....
Recon-ng: Profiler Module
My newest recon-ng module, "profiler", is going to really blow you away. It doesn't do anything miraculous like crypto or ZigBee or SCADA but it does make it easy for you to get information about users on the Internet. Here is the basic premise: you want to find out if a certain user name exists...
LIRC and Findings Template
Quick blog post to publish some documents I've created over the years. Sample Web Application Pen Test Excel Report Format: https://drive.google.com/file/d/0B4pazXmFTvF2dGFYdlJYWDVKUkk/view?usp=sharing Sometimes you don't need a full Word document to share your test results. That is what this doc is. It has just the facts and should be combined with a ZIP file of test data such as...
Behind the Curtain: User-Agent and You
Let me ask you a question, dear reader: have you ever visited a website that one of your friends posts a link to only to find that the site requires you to register for an account before you can see the content? Or perhaps you visited a web site on your computer and then also...
Tilde Enumeration
The Vulnerability: A while ago I found a bunch of web servers that had the Microsoft IIS Tilde Enumeration vulnerability on them. You can read more about the vuln at http://soroush.secproject.com/downloadable/microsoft_iis_tilde_character_vulnerability_feature.pdf or http://www.acunetix.com/blog/web-security-zone/windows-short-8-3-filenames-web-security-problem/. Essentially, you can brute force file names that are on IIS web servers and possibly retrieve them using the ye olde style Windows 8.3 naming...
Top 5 CTF Tips from a CTF Virgin
My Virgin CTF: At DerbyCon (derbycon.com) 2014, I participated in my first conference CTF (Capture the Flag) event. For those that haven't yet done one, you take your laptop configured with your attack tools and join a network of hundreds of other conference-goers. All of you are tasked with exploiting information security weaknesses in the...
"Cracking" Hashes with recon-ng and bozocrack
The other day I came across a database dump that had user login names and hashed passwords. I had over 1,000 of them and they were SHA256 hashes. I remembered that there was some tool that could perform Google look-ups for hashes and asked the Twitter-verse for help. Wouldn't you know that the first person...
Setting up an OpenVPN server in Amazon’s EC2
Amazon Instance Config: Create an account at Amazon.com if you don't have one already. Go to Amazon http://aws.amazon.com/console/ and log in. Create a new instance. Choose the Ubuntu 64-bit system (free tier 2 is fine). Don't need to change any of the defaults for storage and such. Launch the instance (create or use a predefined key; set the security group (firewall)). Ensure that...