This is the quick-hit version of the second of three parts of Introduction to Cryptography training I gave. As with all of the formal training, you can use the below for a quick reference, or view the full presentation here.
Intro to Cryptography (Part 1 of 3)
This is the quick-hit version of the first of three parts of Introduction to Cryptography training I gave. As with all of the formal training, you can use the below for a quick reference, or view the full presentation here.
Firmware Analysis
This is the quick-hit version of the firmware analysis training I gave. As with all of the formal training, you can use the below for a quick reference, or view the full presentation here.
OSINT: Google and LinkedIn
This is the quick-hit version of the Open Source Intelligence (OSINT) training I gave on using data from Google and LinkedIn to profile an individual or organization. As with all of the formal training, you can use the below for a quick reference, or view the full presentation here: OSINT – Social Media (Google and LinkedIn) (basic_0x08)
Note: Do not put a space between an operator (e.g. the “-” exclusion operator) and the term it applies to; with the space, Google treats the “-” as stray punctuation and ignores it. For example:
bob -dylan # No Bob Dylan results
bob - dylan # Bob Dylan shows up in results
Bruteforcing ESSID Values
If an access point hides its (E)SSID (its beacons carry an empty SSID field), you can recover the name with mdk3’s probing mode (“p”). mdk3 sends directed probe requests for each candidate name to the target BSSID and reports the one the AP answers with a probe response. The wireless interface must be in monitor mode, and you need the AP’s BSSID (both via airmon-ng/airodump-ng). Either feed a wordlist with -f, or let mdk3 brute-force a character set with -b:
mdk3 {INTERFACE} p -f /path/to/file/of/potential_names -t {AP_MAC_ADDRESS}
mdk3 {INTERFACE} p -b {CHARSET} -t {AP_MAC_ADDRESS}
If the network already has an associated client, deauthenticating it is usually faster than either: the SSID appears in the clear when the client reconnects.
For the “CHARSET” you can use “a” (all characters; the search space grows exponentially with the name length, so this is only practical for very short names), or one or more of the following:
- u – Uppercase
- l – Lowercase
- n – Numbers
- s – ASCII symbols
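To make the two halves of the technique concrete, here is a constructed Python example added to this write-up (it is not mdk3’s code and not from the original post). It shows how quickly the -b search space blows up for a given charset and length, generates the candidate list you would otherwise hand to -f, and parses constructed beacon and probe-response bodies to show what “hidden” looks like on the wire (a zero-length or NUL-padded SSID element) versus the real name that comes back once the AP is probed with the correct SSID. The mapping of the “s” flag to Python’s string.punctuation and the frame contents are assumptions made for the example.

```python
"""Hidden-SSID helpers: a constructed example added to this post, not mdk3 code.

Two things mdk3's "p" mode relies on, shown in plain Python:
  1. How large the -b search space gets for a given charset and name length.
  2. How a hidden SSID looks in a beacon, and how the real name comes back in
     the probe response once the AP is probed with the correct SSID.
"""
import itertools
import string
import struct

# Character classes for the -b flags named in the post. The exact symbol set
# mdk3 uses for "s" is not given on the page, so string.punctuation is an
# assumption made for this example.
CHARSET_FLAGS = {
    "u": string.ascii_uppercase,
    "l": string.ascii_lowercase,
    "n": string.digits,
    "s": string.punctuation,
}


def expand_charset(flags: str) -> str:
    """Turn a flag string such as "ln" into the concrete alphabet ("a" = all)."""
    if "a" in flags:
        return "".join(CHARSET_FLAGS.values())
    chars = []
    for flag in flags:
        if flag not in CHARSET_FLAGS:
            raise ValueError(f"unknown charset flag {flag!r}")
        chars.append(CHARSET_FLAGS[flag])
    return "".join(chars)


def bruteforce_space(flags: str, max_len: int) -> int:
    """Number of candidate names of length 1..max_len for the given flags."""
    n = len(expand_charset(flags))
    return sum(n ** length for length in range(1, max_len + 1))


def candidate_ssids(flags: str, length: int):
    """Yield every name of exactly `length` chars; write these out for -f."""
    for combo in itertools.product(expand_charset(flags), repeat=length):
        yield "".join(combo)


# --- 802.11 management-frame body parsing -----------------------------------
# Beacon and probe-response bodies start with 12 fixed bytes (timestamp 8,
# beacon interval 2, capability 2), followed by tagged information elements
# (1-byte ID, 1-byte length, data). The SSID is element ID 0.
SSID_IE = 0


def ssid_from_mgmt_body(body: bytes):
    """Return the SSID string, or None if the element is absent or hidden.

    A hidden network beacons with a zero-length SSID element, or (some
    vendors) one padded with NUL bytes; both are treated as hidden here.
    """
    pos = 12
    while pos + 2 <= len(body):
        ie_id, ie_len = body[pos], body[pos + 1]
        data = body[pos + 2 : pos + 2 + ie_len]
        if len(data) < ie_len:
            break  # truncated frame: stop rather than misparse
        if ie_id == SSID_IE:
            if ie_len == 0 or data.strip(b"\x00") == b"":
                return None
            return data.decode("utf-8", errors="replace")
        pos += 2 + ie_len
    return None


def build_mgmt_body(ssid: bytes, channel: int = 6) -> bytes:
    """Build a minimal beacon/probe-response body (constructed test data)."""
    fixed = struct.pack("<QHH", 0, 100, 0x0411)  # timestamp, interval, caps
    ssid_ie = bytes([SSID_IE, len(ssid)]) + ssid
    rates_ie = bytes([1, 4, 0x82, 0x84, 0x8B, 0x96])  # basic rates 1/2/5.5/11
    ds_ie = bytes([3, 1, channel])  # DS parameter set: channel
    return fixed + ssid_ie + rates_ie + ds_ie


# Constructed frames: what the AP beacons before, and answers after, probing.
HIDDEN_BEACON = build_mgmt_body(b"")            # zero-length SSID element
NULLED_BEACON = build_mgmt_body(b"\x00" * 7)    # NUL-padded variant
PROBE_RESPONSE = build_mgmt_body(b"corpnet")    # reply to the correct probe

if __name__ == "__main__":
    print("hidden beacon SSID:", ssid_from_mgmt_body(HIDDEN_BEACON))
    print("probe response SSID:", ssid_from_mgmt_body(PROBE_RESPONSE))
    print("candidates for -b ln, up to 4 chars:", bruteforce_space("ln", 4))
    print("first -f lines:", list(itertools.islice(candidate_ssids("l", 2), 3)))
```

Running it prints None for both hidden beacons and “corpnet” for the probe response; the lowercase-plus-digits space up to four characters is already over 1.7 million probes, which is why -b is only sensible for very short names and why a wordlist of likely names (or a deauth against an existing client) is the usual first move.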
Good hunting!
OSINT: Twitter and Facebook
This is the quick-hit version of the Open Source Intelligence (OSINT) training I gave on using data from Twitter and Facebook to profile an individual or organization. As with all of the formal training, you can use the below for a quick reference, or view the full presentation here: OSINT – Social Media (Facebook and Twitter) (basic_0x07)
OSINT: DNS
This is the quick-hit version of the Open Source Intelligence (OSINT) training I gave on using data from Domain Name Services (DNS) to profile an organization. As with all of the formal training, you can use the below for a quick reference, or view the full presentation here: OSINT – DNS (basic_0x06)
Email Attachments
I was going through my old archives of files, exploits, and notes this week and came across a document I’d long since forgotten… a list of extensions I used to configure my mail hosts to block. I decided to give it a quick update to modernize some of the listings, and the resultant beast is 203 extensions. I wouldn’t say that everybody needs everything on this list, but if you’re looking for a one-stop list to be comprehensive I submit that this wouldn’t be a bad place to start.
MSF Fundamentals 2017 (Part 3 of 3) – Pivoting and Automation
This is the quick-hit version of part three of a three-part series on Metasploit Fundamentals that I wrote to update my previous work (from 2014) on Metasploit. If you’re looking for a more hands-on/in-depth version of this article you can access training on this topic here: MSF Fundamentals – Part 3 of 3 (Pivoting and Automation) (basic_0x04)
The purpose of this article is to cover pivoting, port-forwarding, and automation to expand the reach of your tools and reduce the amount of time you spend on repetitive work. Part one covered starting up the MSF, finding an exploit, finding a matching payload, and configuring everything up to the point of launching the exploit. Part two covered exploitation and post-exploitation modules to the point where you are comfortable with the various ways of manipulating a system after you’ve opened a session to it. This training assumes you’re using a 2016 variant of Kali Linux and that it’s patched up to at least August 2016. If that’s true, then let’s go!
Advanced WEP Packet Forgery
Let’s say the WEP network you’ve found is somewhat hardened against replay attacks, or has practically no clients from which to capture a target packet. How can you get around this to generate data and crack the encryption?
