Bypassing Antivirus with crypter and CFF Explorer
Bypassing antivirus is always a cat and mouse game, and we’re always trying to stay ahead. I recently had a conversation with Justin Elze (@justinelze) on twitter about his version of WCE getting...
Phishing Frenzy: HTA PowerShell Attacks with BeEF
If you’re not currently using Phishing Frenzy, BeEF, or PowerSploit for your Phishing campaigns you’re really missing out. In this article we are briefly going to cover what I consider to be one of the...
Burp Suite Tutorial – Web Application Penetration Testing (Part 2)
In the last article we introduced some of the useful features that Burpsuite has to offer when performing a Web Application Penetration Test. In part 2 of this series we will explore some additional...
Phishing Frenzy: SSL Support on Rails 4 with Syntax Highlighting
It’s been a little over a year since I started phishing full time with Phishing Frenzy and there is no looking back now. The project has really come a long way since I first started with it. I can’t...
Smbexec 2.0 released
We released smbexec version 2.0 a few days ago and it comes with some rather large differences from previous versions. For one thing it was completely rewritten in Ruby, for another it now supports...
Using Metasm To Avoid Antivirus Detection (Ghost Writing ASM)
Preface: It seems that more and more these days I find myself battling head to head against my client’s Antivirus Detection capabilities. Payloads I encoded to successfully bypass one solution get picked...
Stealing Servers Through Directory Traversal
Recently I was conducting an internal penetration test for a client that is part of the financial industry. Since this client is a financial institution they are required to have an independent 3rd...
Using Nmap to Screenshot Web Services Troubleshooting
Recently a member from the Trustwave SpiderLabs team created an nmap NSE script that could be used to take a screenshot of webpages as it scanned the network. Working for a top 10 accounting firm, I...
Using Nmap to find Local Admin
While conducting penetration tests I almost always obtain user credentials; sometimes in cleartext, and other times just the hash. If you’re like me, you’ve often wondered: where do I have local...
Hard coded encryption keys and more WordPress fun
Metasploit modules [1, 2]. A few days ago I was chatting with pasv about a recent vulnerability he discovered. Apparently there was demand for Razer Synapse which syncs the configuration for a Razer...
Scheduled tasks with S4U and on demand persistence
Github module [1, 2]. I came across an interesting article by scriptjunkie (which you should really read) about running code on a machine at any time using service-for-user. By changing one line in the...
Pwn all the Sauce with Caller ID Spoofing
If we’re going to perform some pre-text phone calls we have a couple different options when it comes to the caller ID. We really only have 3 possible options which are: we do nothing to the phone...
PowerSploit: The Easiest Shell You’ll Ever Get
Sometimes you just want a shell. You don’t want to worry about compiling a binary, testing it against antivirus, figuring out how to upload it to the box and finally execute it. Maybe you are giving a...