Video credit: Adrian Crenshaw, @irongeek_adc Process Ventriloquism with ZeroSteiner A Rookie PoV The Hollywood Fallacy with H3llcat ... READ MORE
R&D
King Phisher 1.3 Released
Yesterday RSM released the latest version of its open source Phishing Campaign toolkit, King Phisher. This new release includes some very exciting new features. One of the two primary new features is the addition of auto-completion for the Jinja and basic HTML tags in the message editor. King Phisher supports a large number of template variables on top of the ones built into ... READ MORE
Do That Auto Complete
These days we all enjoy the ease of use in graphical text editors. Some text editors will propose suggested words as your are typing. One thing that starts to move a generic text editor into more of a Integrated Development Environment (IDE) is the ability to get auto complete suggestions for common syntax and variable names. This simple little feature greatly improves the ... READ MORE
Becoming a Master Template Creator with Jinja2: Getting Started
My last blog was a primer for getting into scripting web templates using Jinja2. In this next blog (part two of an intended four part series) we'll get started by installing the necessary dependencies, setting up a directory, and starting to build our site. Installation Before we get started, it's important to note I'm running Ubuntu Gnome 15.04, so the majority of commands ... READ MORE
SMShing Like Clockwork
Phishing utilizing SMS messages or SMShing is an increasingly common technique used in European countries. Many users are very aware that they should not trust all incoming email messages and thus it might be desirable for a pentester to try and take a different approach. To meet this need, the King Phisher project now includes simple instructions on how to send SMS messages as ... READ MORE
Building a Lab Network in ESXi
Every hacker I know is always looking for ways to practice and improve their skills. One of the things I feel that is in short supply, is access to realistic networks to actually break into. Even here on this blog, we have a lot of posts about systems you can create to subsequently hack. In the real world, though, you will need more skills than running (or even creating an ... READ MORE
BMP / x86 Polyglot
It's often desirable for an attacker to cover their tracks and hide their actions. This is often accomplished by randomization of any combination of bytes and strings, order of contact or time delays. While this can be effective in certain scenarios, a trained eye will still be suspicious of anomalous data traveling across their network. Take as a prime example the recent trend ... READ MORE
Becoming a Master Template Creator with Jinja2: Introduction
In my previous line of work, I made a living as a web developer. My time was spent building websites in content management systems, customizing the front end for clients and ensuring the back-end was usable and worked as intended. Today, I mostly tap my front-end developer experiences for building websites for use in social engineering campaigns. As we don't use content ... READ MORE
King Phisher 1.1 Released
King Phisher version 1.1 has been released today with numerous improvements since the last release in October. One of the most exciting new features is the ability to send phishing emails in the form of calendar invites. This causes an email to be sent to the target that looks like a typical meeting request. More information on using the new calendar invite mode (including an ... READ MORE
Github Primer: Collaborating with Git
This post serves as a simple walk-through of how to contribute to a repository or collaborate on a project with others using github.com. The content is broken down into three sections: (1) How to create your own fork of the repository that you wish to contribute to. (2) How to sync your branch with a branch from your upstream repository (the upstream repository is the ... READ MORE