Collaborate Disseminate
When performing a passive packet capture of a network, I have seen a large amount of traffic being broadcast using different protocols. These protocols are primarily used to perform some kind of traffic routing/fail over/redundancy in case… Continue reading Should I be seeing network management protocols on ‘user’ subnets?
Several software packages on our SOE Windows machines come with DEP and ASLR memory protections off by default. More troubling is that these applications run as SYSTEM and load their own drivers.
Given that these are expecte… Continue reading Is it safe to deploy software without memory protections such as DEP/ASLR?
I’ve noticed that when extracting password hashes from a domain controller (using Elcomsoft proactive password auditor) sometimes I’ll get LM and NTLM hashes and other times I’ll only get NTLM hashes.
I note that the NTLM + LM hashes (the… Continue reading NTLM/LM Hashes on Domain Controller
I’m looking for any guidance around testing a service I’ve found running on a target server. I’m doing a ‘black-box’ pen-test and the company is one of those ‘I-don’t-want-to-tell-you-anything’ types so they won’t tell us wha… Continue reading Black-box fuzzing a TCP Port running an unknown applicaiton
A mate pulled a quality prank on me the other day by sending me a SMS via a Spoofed number. He’s bought a SMS gateway and can set the message ID/phone number to be ‘God’ (or whatever he wants(letters or numbers)).
I wanted t… Continue reading How to track a Spoofed SMS on Iphone
I’ve got a laptop that is currently ‘Air Gapped’ that I want to further secure by locking down the USB ports and NIC. I’ve disabled the NIC from the BIOS, removed the WiFi and bluetooth modules. But I don’t want to disabled t… Continue reading Physically Blocking All PC Ports?
I’ve found during a lot of recent pen-tests that companies will use passwords like
c0mp4ny@b(
for a company called “company abc”
Is there any quick and easy way to generate a list of passwords based on as many possible ‘leet speak’ … Continue reading Password list generation
I understand there are a number of different motion sensor technologies out there, including Active Infrared (AIR), Passive Infrared (PIR), Microwave and Ultrasonic motion sensors.
I would like to know what the advantages a… Continue reading What are the advantages and disadvantages of different types of motion sensors?
One of the things I need to do from time to time is to find subdomains of a site for example.
Starting with example.com
sub1.example.com
other.example.com
another.example.com
I’m looking for any additional ways to perf… Continue reading How can I find subdomains of a site?
I’ve noticed that some web-app security scanners flag the ‘AutoComplete’ feature of some websites (in the username/password fields) as a security risk and thus suggest including AutoComplete=off or in the code somewhere.
I’v… Continue reading Should web sites disable form autocomplete on all forms?