Intro to Recon-ng
Reconnaissance is the first and arguably the most critical phase of any penetration test. It is the first step of the attacker's methodology, and how it is done will define how the rest of the test proceeds. This information gathering phase can be done in countless different ways, but if it is not done correctly, you end up with very limited information and ...
Fuzzing with Boofuzz – Primer
Introduction: On one of our recent engagements we were tasked with testing a network protocol for DoS conditions. Naturally this engagement led us to explore the various fuzzers that are currently available. After going through a few options, I came across a Python fuzzing framework on GitHub called Sulley. The framework looked to be unmaintained, which led to the discovery of ...
King Phisher Release 1.7
Today we're proud to release the latest version of King Phisher, 1.7. Since the last release, we have added two major features and a couple of new plugins. For a complete list of changes, check out the change log. The first new feature is something that has been requested for a little while now, and that's the ability to send messages using separate To, CC, and BCC fields. This ...
Do it Live! – Social Engineering Training
Social engineering is one of the most utilized attack vectors in real-world breaches. It comes in the form of phishing, vishing, device drops, and even in-person approaches. A lot of research and prep time goes into social engineering, as we have to know the target, the objective, the environment, and most importantly ourselves. Prior to security, I performed in theatre for ...
A Beginner’s Guide to the CVE process
Before I got into the security field full time, I made it my goal to someday discover a previously unpublished exploit that would warrant the assignment of a CVE. I was always amazed at the constantly updated Exploit-DB list and wanted to be able to make my own contribution to the database. This month, I was finally able to accomplish my goal and submit my first two ...
Email Hunting – Recon with Hunter.io
The Problem with OSINT: Something we as pentesters have to contend with on each of our engagements is recon. It is the nature of the beast with pentesting. Unlike Hugh Jackman, we cannot simply pull Hollywood magic out of our hats and break into networks on demand. If you want to successfully pull off the heist and get away with the loot, you need to do your homework ...
Compromise a DCOS Server through a Docker Container
Ever wonder how you can use a Docker container to compromise the host? There is a simple process to do so, if you have the ability to start a Docker container. With the increasing use of Docker, several cluster solutions have been developed. Among these solutions is DC/OS. By default, its installation is rather insecure. The first couple of steps have ...
Boston Key Party CTF Crypto-200
I love using sponges for crypto. Who doesn't, right? This past weekend was the Boston Key Party (BKP) CTF, which was a fun and challenging event. The challenge I spent the most time working on was the Crypto 200 point challenge titled "Sponge". The challenge was to find a collision with the known value "I love using sponges for crypto" using a custom hashing algorithm ...
Flash….Thunder!
So another year has passed, and what an active year it was, chock-full of security events, breaches, and account dumps! Breached accounts continue to pop up on multiple sale sites, and we continue to see a trend that has plagued the industry for years and years... password reuse. I know what you're thinking: oh boy, another blog about password reuse and why ...
Evil AP Attacks with Spoofed Certificates
We've written in the past about the "Evil Twin" or "Evil AP" attack using hostapd-wpe ("wireless pwnage edition"). This remains a viable attack in environments using enterprise authentication, and the patched hostapd obviates the need for a separate wireless access point, making the attack easy and portable. However, like most attacks, there are still opportunities for tweaking and ...