Archive

2020

2019

USB Drop Assessment Guide

16 minute read

I recently did a talk at RVASec (great con btw) regarding USB drop assessments. I hesitated on submitting the talk as I was concerned that the interest level...

2018

Introduction to Shodan

6 minute read

Shodan gets a bad rap. Many of you have probably heard the connotation that Shodan is “the world’s most dangerous search engine” or “dark Google” and it’s so...

Shodan Cheat Sheet

less than 1 minute read

Shodan’s a search engine which helps find systems on the internet. It’s a great resource to provide passive reconnaissance on a target or as a measuring tool...

2017

Hacking Flash Games (Client-side Attack)

6 minute read

One of the areas of interest that first led me to becoming passionate about security was the Game Genies and Game Sharks. I thought it was fascinating to ...

Responder Fun

5 minute read

While researching some ways in which to obtain Domain Admin within an organization, I started playing around with Responder and figured I would share a quick...

Stealing Hashes with LAN Turtle

4 minute read

When you hear that you can steal user hashes from locked machines, everyone’s ears perk up. This attack vector has been around for almost a year now, which s...

Quick Python Port Scanner

1 minute read

I’m not a programmer by trade and only have limited experience by just hacking and slashing existing code to accommodate my needs for work/pen testing. In an...

Mr-Robot 1 Walkthrough

2 minute read

I haven’t had a chance to watch all of the Mr. Robot series but this machine was a lot of fun. What I particularly like is that you are rewarded if you prope...

Kioptrix 5 Walkthrough

2 minute read

This was perhaps my favorite Kioptrix series and really felt like an OSCP-type machine. Once I got more time, I exploited this machine without Metasploit whi...

Kioptrix 4 Walkthrough

2 minute read

This set-up is slightly different than the images previously in the series, as it’s a hard-drive file that you attach to your manually created VM. While it s...

Kioptrix 3 Walkthrough

2 minute read

There are a ton of different ways to achieve the same result on this machine which is what I liked most about this one. It wouldn’t be a bad idea to do this ...

Kioptrix 2 Walkthrough

2 minute read

This is the updated image (as the previous option fixed a few bugs) but from my understanding it roughly works the same for both. This is certainly a beginne...

Kioptrix 1 Walkthrough

3 minute read

The Kioptrix series is a great starter boot2root series. It increases in difficulty in a gradual flow and can really help hone your enumeration process. If a...

SickOS 1.2 Walkthrough

3 minute read

The SickOS series from VulnHub gives you a small taste of what to expect while pursuing your OSCP. Below is a walkthrough of how to compromise SickOS 1.2 and...

SickOS 1.1 Walkthrough

5 minute read

The SickOS series from VulnHub gives you a small taste of what to expect while pursuing your OSCP. Below is a walkthrough of how to compromise SickOS 1.1 and...

OverTheWire: Bandit Solutions

13 minute read

If you’re looking to hone some of your shell skills then the OverTheWire: Bandit series is certainly a step in the right direction. By the time you finish, y...

Obtaining HTTP Request Method’s

1 minute read

When conducting security reviews (penetration tests, vulnerability assessments, etc.), understanding what HTTP request methods exist can become imperative to ...

Getting Started As A Hacker

5 minute read

Anyone in InfoSec always gets asked this question, “How do I become a hacker” and “Where do I start”. I’ve been getting it an abnormal amount as of late so I...

Fighting the Good Fight

2 minute read

Currently I’ve been toying with the security implications that can be imposed on an organization around authentications based on your phone’s proximity and pu...

OSCP Review

9 minute read

There are tons of OSCP reviews floating around the web so I’ll keep the fluff to a minimum, to better make use of both our time. If you want to get to the me...

Msfvenom Cheat Sheet

1 minute read

Msfvenom (which replaced the former msfpayload and msfencode tools) is a tool that can be used to generate payloads as standalone files and encode them if need...

Netcat Cheat Sheet

less than 1 minute read

Netcat, which has been famously labeled as the “Swiss army knife of hacking”, is a networking utility used for reading/writing from TCP/UDP sockets, port scann...

TTY Spawning Cheat Sheet

less than 1 minute read

Below are some helpful tricks to spawn a TTY shell in the event you need to further interact with the system. These are also helpful in breaking out of “jail...

Basic Buffer Overflows

5 minute read

A lot can be said about buffer overflows and they are perhaps the most daunting part of attempting the OSCP for most. However, as you'll find in most of your...

Started A Blog

less than 1 minute read

I’ve thought about making my own blog for several years now and I finally took the leap! I figured this would serve as a good place to put my thoughts into w...