With the upcoming release of King Phisher v1.1, there will come a new way to Phish through calendar invites. "Why calendar invites?" you might ask. Well, when you get a typical calendar invite, how likely are you to thoroughly read through it? People tend to check the sender and, maybe, their availability and then accept. Only when it's time for the meeting do most ... READ MORE
No RDP, No Problem!
The Setup I conducted some phishing for a pentest this past week. My ulterior motive was to have an opportunity to familiarize myself with Empire, so I decided to go with a pretext which would allow me to use the macro stager and a malicious Excel sheet attachment to drop agents onto victim boxes. After some initial hiccups, a handful of (elevated!) agents started calling ... READ MORE
Kali 2.0: Fresh Look, Easy Updates, and Post Install Tips
Kali 2.0 was released last week which means that we get to spend some time sifting through Offensive Security's latest release looking at all the new tools and tricks. Offensive Security promised us a better, more powerful penetration testing platform, and my preliminary look at 2.0 shows that they delivered. The Look Kali 2.0 switched over to the GNOME3 interface which ... READ MORE
MasterLock Combination Lock Vulnerabilty and Exploit
A couple of weeks ago, I came across an article from Samy Kamkar on how to successfully guess a combination for a standard MasterLock combination lock. It seemed pretty interesting so I gave it a try, and to my surprise it worked! However, a big downside was having to visit his website to run the algorithm in order to get the list of eight possible combinations. On a typical ... READ MORE
Build Your Own Pentest Pi
Raspberry Pis are really a thing of beauty. They're extremely versatile and can perform multiple tasks in spite of their small size and power. I currently own three! One is currently serving as a Kodi media server at home, and the second is a portable media server for my daughter. I most recently acquired a Pi 2. The Raspberry Pi 2 debuted last month and sports a new hardware ... READ MORE