QuickHit: Things to Attack

Need a quick list of things to attack?  Try these. 🙂

Continue reading “QuickHit: Things to Attack”

Wireless Hacking

This is just a quick post to provide the presentation I gave tonight at PwnSchool.  If you’d like to review it you can download it here.  Thanks!

Topics covered:

  • Introduction to Radio Frequency
  • Wireless  Hacking (WEP and WPA2)
  • RFID Hacking (HID Prox and MIFARE)
  • Bluetooth Hacking (Bluelog/bluesnarfer/Wireshark/etc)

The Four Three Rule of Team PenTesting

Two posts in one night, because I’m catching up on some backlog items.  I’ve been teaching/training a team on PenTesting lately, and it’s caused me to think through some personal truths and approaches that I’ve taken for several years.  While going through that process I came to realize that I’d never really formally codified them; this is my attempt to do just that.  It all comes down to what I’m now going to call the “Four Three Rule of Team PenTesting”.

Continue reading “The Four Three Rule of Team PenTesting”

RFI PHP Webshell Injector

Sometimes you just need a quick PHP webshell to complement your RFI vulnerability you’ve uncovered.  There are plenty of “fancy” ones with lots of features, but I prefer simple, effective, command-line equivalent access any day.  If you’re of that persuasion as well, just use this as the target of your RFI to give yourself Hermit’s Stupidly Simple WebShell (HSSWS).  Enjoy!

Continue reading “RFI PHP Webshell Injector”

Website Powered by WordPress.com.

Up ↑