Things I've learned and want to share
Let’s say you’re running some tests on a service and want to use some characters that aren’t standard in your systems’ character set. How do you do that?
Continue reading “Quick-Hit: Editing Submissions in BurpSuite”
Ever been frustrated by a session that was running remotely when your SSH/nc/1337shell.phpaspxcf dropped, and all that work was wiped out in the blink of an eye because when that died your shell did too, and the OS was nice enough to clean it all up?
Yeah, it sucks. Fortunately, there’s an easy way to handle that, and it’s called “screen”. Let’s dive in.
Continue reading “Quick Hits: Screen”
So… I got a Proxmark3 RDV 4 for Christmas. It’s great. It’s tiny, svelte, and… had a bunch of errors right out of the box. Naturally that means it’s time to reflash it, but as it turns out the default wiki instructions for Kali Linux aren’t quite right for the RDV 4 now. Let’s fix that, shall we?
It’s pronounced like the title says.
Anything else is just wrong. You heard me Killswitch.
I had some requests to provide my take on the OSI model separately from the presentation I made at PwnSchool, so here you go… the most comprehensive, authoritative version of the OSI model ever presented.
This is just a quick post to provide the presentation I gave tonight at PwnSchool. If you’d like to review it you can download it here. Thanks!
Topics covered:
Two posts in one night, because I’m catching up on some backlog items. I’ve been teaching/training a team on PenTesting lately, and it’s caused me to think through some personal truths and approaches that I’ve taken for several years. While going through that process I came to realize that I’d never really formally codified them; this is my attempt to do just that. It all comes down to what I’m now going to call the “Four Three Rule of Team PenTesting”.
I realized I didn’t have any good notes on Radio Frequency Identification (RFID) tags/badges/etc, so I figured it was time to compile that and update it while I’m at it. This post is just a quick run-down of the frequencies, types, and common cards/IDs. If you don’t know what an RFID is, for the purposes of most pentesting it’s a security badge or a key fob, like you can see in the image at the top of this posting.
I have to teach some folks how to find, isolate, and analyze signals tomorrow, which of course means this is the perfect time to document some quick steps for my own reference. I started the build out from the DEFCON 26 Hardware Hacking Village Kali Live Build. If you don’t have it your mileage may vary… on to the buildout.
I’ve been taking photos of all the badges/SAOs/Challenge Coins/etc I collected at DEFCON 26. I’m sure I’ve missed a few, but in no particular order here are the images so far, with a quarter for size reference. I’ll be making very high resolution images of most in the future, but now these will work.
Hermit's Cave 