A Container Hacker’s Guide to Living Off of the Land

Sometimes as a pentester you find yourself in tricky situations. Depending on the type of engagement, you might want to try to avoid making a lot of noise on the network if possible. This blog post is going to talk about two techniques to use to gather…

In 2019, Test Impersonation Attacks

At SECOM, we perform many forms of social engineering attacks, from phishing to vishing and smishing as well as impersonation. All of these attacks are used regularly by actual attackers and should be tested as part of a robust security assessment in e…

Pentest Toolbox Additions 2018

I’m a red teamer. I do work similar to pentesting and use many of the same tools. This year, I’ve added several tools to my toolbox. I’ll introduce them to you below. I hope you find them valuable, as well. DoubleTap (by @4lex) I <…

Brent Dukes – Application Security Weekly #41

Brent Dukes is a hacker, and Director of Information Security for an established manufacturing company. He joins Keith and Paul this week to talk about WAFs, pentesting, Burp Suite, and more! Full Show Notes. Follow us on Twitter: https://www.twitter.co…

Passive DNS for the Bad

Passive DNS is not a new technique but, over the last months, there has been more and more noise around it. Passive DNS is a technique used to record all resolution requests performed by DNS resolvers (the bigger they are, the more they collect) and then allow searching the historical data.

[The post Passive DNS for the Bad was first published on /dev/random]


A Book Review of “Pentesting Azure Applications” by Matt Burrough

In this book review, I looked at the topic of pentesting cloud-based applications, specifically Microsoft’s Azure. While the focus of the book was on Azure, a lot of the information will be beneficial no matter the cloud environment. […]

Evilginx2 Man-in-the-Middle Attacks – Tradecraft Security Weekly #29

Evilginx2 is a man-in-the-middle framework that can be utilized to intercept credentials, including two-factor methods victims utilize when logging in to a web application. Instead of just duplicating the target web application, it proxies traffic to it …

Social Mapper Uses Facial Recognition to Track Users on Social Media

Social Mapper is a new open source intelligence tool that uses facial recognition to correlate social media profiles. The tool has been developed by Trustwave, a company that provides ethical hacking services. Apparently, the tool has already been test…

DIY Pi Zero Pentesting Tool Keeps it Cheap

It’s a story as old as time: hacker sees cool tool, hacker recoils in horror at the price of said tool, hacker builds their own version for a fraction of the price. It’s the kind of story that we love here at Hackaday, and has been the impetus for countless projects we’ve covered. One could probably argue that, if hackers had more disposable income, we’d have a much harder time finding content to deliver to our beloved readers.

[Alex Jensen] writes in to tell us of his own tale of sticker-shock-induced hacking, where he builds his own …
