Quick Hit: Base64 PowerShell Exfiltration

Okay, so you’ve landed in a constrained language mode PowerShell session on a remote box, and the local application security policy is stopping you from using all the regular stuff (e.g. netcat, opening network connections, etc)… but you need to exfil a medium amount of binary data.  How would you do that?

The following isn’t perfect, but it’s the solution I used recently… feel free to share better solutions! 🙂


Quick Hits: Screen

Ever been frustrated when a session you had running remotely was wiped out in the blink of an eye because your SSH/nc/1337shell.phpaspxcf connection dropped, your shell died with it, and the OS was nice enough to clean it all up?

Yeah, it sucks. Fortunately, there’s an easy way to handle that, and it’s called “screen”. Let’s dive in.

Wireless Hacking

This is just a quick post to provide the presentation I gave tonight at PwnSchool.  If you’d like to review it you can download it here.  Thanks!

Topics covered:

  • Introduction to Radio Frequency
  • Wireless Hacking (WEP and WPA2)
  • RFID Hacking (HID Prox and MIFARE)
  • Bluetooth Hacking (Bluelog/bluesnarfer/Wireshark/etc)

The Four Three Rule of Team PenTesting

Two posts in one night, because I’m catching up on some backlog items.  I’ve been teaching/training a team on PenTesting lately, and it’s caused me to think through some personal truths and approaches that I’ve taken for several years.  While going through that process I came to realize that I’d never really formally codified them; this is my attempt to do just that.  It all comes down to what I’m now going to call the “Four Three Rule of Team PenTesting”.

