Fork me on GitLab
  1. Hijacking NTLM-powered Mobile Apps (Part 2 - Relaying with Metasploit)

    Working on hacking a mobile app that uses NTLM to authenticate to a back-end web service? Make sure to check out Part 1 - Cracking with Responder first. In this blog, we’ll assume we could not crack the password and instead need to relay the Challenge/Response to interact with the API. …


  2. Hijacking NTLM-powered Mobile Apps (Part 1 - Cracking with Responder)

    Doing a black-box test of a mobile app that uses NTLM authentication to speak to the web service? You may find your typical tools won’t work. Read on for information on intercepting, inspecting, and modifying the API calls. You might even get lucky and crack a clear-test master password. …


  3. How to Steal Bitcoins: Part 2 (Cracking Bitcoin Core wallet.dat Files)

    This is part two in a series of blogs on cryptocurrencies and security. The goal is to recover passwords from encrypted Bitcoin Core (or Satoshi Client) wallets. …


  4. How to Steal Bitcoins: Part 1 (Cracking Encrypted USB Drives)

    This is part one in a series of blogs on cryptocurrencies and security. The goal is to extract data from an encrypted USB stick, like a Tails OS persistent volume. Theses are commonly used for cold storage of Bitcoin, Ethereum, and other alt-coins. …


  5. Penetration Testing Flash Apps (aka “How to Cheat at Blackjack”)

    In this post, we will walk through detailed steps to intercept, review, modify, and replay flash-based web apps. For demonstration purposes, I’ve selected a blackjack-style card game. We will work to control what cards are dealt, as well as how a score is calculated. …


  6. Hacking a Pizza Order with Burp Suite

    Web hacking skills can be used to solve critical challenges in business and life – like customizing a pizza order. Read on to see how I overcame a restricted UI to triumphantly top my pizza just the way I wanted it. …


  7. How to Spy on Your Android Phone

    Ever wonder what your phone is really up to? This tutorial will show you how to closely inspect the information flowing in and out of your mobile applications. You might be surprised to see where your information is going. …


  8. Cracking Passwords Based on Song Lyrics

    There’s been a lot of news in the media lately about using tools like encryption and password managers. Both of these can leverage a single password to unlock a ton of vital information. Because of this, people are looking to create longer, more complex “master keys”. This blog demonstrates a method of guessing some of those keys. …