Collaborate Disseminate
One of the risks being simulated for organizations are stolen laptops.
Was wondering if anyone had a methodology/list of items to check when assessing the security of Windows laptops.
Here is my list so far:
Check that di… Continue reading Stolen laptop simulation – Pentest
When looking at threat models I came across STRIDE (from Microsoft) and then came across Mitre ATT&CK, they seem to be different – one is a threat model and the other is a threat intelligence methodology.
What’s fuzzy to… Continue reading Difference between STRIDE and Mitre ATTACK
Say an attacker had access to a list of OpenID tokens, what could the attacker leverage with that to access a system?
Would they need to have another piece of information, MITM? Or can they just use that to authenticate.
… Continue reading What can an attacker do with an OpenID token
What hardware/software combination can I use to clone Low Frequency NFC badges.
When checking the specs on the HackRF One and the RTL-SDR they don’t seem to cover that frequency range.
Continue reading How to clone a low frequency (LF 120-140 Khz) NFC badge
Lets say I want to scan a large amount of ip addresses for webservers running on port 80 (aware that there are other ports for webservers, ignoring for example).
What would be the most efficient way to do this?
Here are som… Continue reading Most efficient way to scan for webservers
Suppose a web app is being tested where all the functionality is behind a login.
One of the tests to be run is to check whether any of the pages are available without log-in.
We try the actual url of the page we want to re… Continue reading Web App Pentesting: When enumerating website directories and files, how to tell if HTTP 200 is a valid page, or a failure page?
Suppose a web app is being tested where all the functionality is behind a login.
One of the tests to be run is to check whether any of the pages are available without log-in.
We try the actual url of the page we want to re… Continue reading Web App Pentesting: When enumerating website directories and files, how to tell if HTTP 200 is a valid page, or a failure page?
When running a malware removal tool on a system what steps does it take to be successful.
My guess would be it does:
Scans for known malware (based on signatures?)
Ends their running processes
Delete the file(s)
Is this … Continue reading How do Malware removal tools work? [on hold]
What enterprise level tools are available for Windows 10 Malware Removal?
Microsoft has a malware removal tool and was wondering what other tools were available in this space.
Continue reading Tools for Windows 10 Malware Removal? [on hold]
If a phishing email came through with a link to a website hosting BeEF (or another such framework) what would be the Indicators of Compromise for such an attack.
Additionally, if systems were compromised what would be the be… Continue reading BeEF – What are the Indicators of Compromise (IOC)