Red-Teamers: Skip the Proxmark, Clone a Lanyard
I noticed a nice, cheap, low-tech alternative to badge cloning on a recent physical security engagement and thought I’d share. This post is going to be short and sweet.
When performing social engineering engagements, it’s tricky to find a payload that demonstrates the gravity of the attack without going full-on red team and shelling boxes. I’ve developed something for a recent test that I think finds a nice balance - an Excel macro that will take a screenshot of the user’s desktop and leverage their local Outlook profile to email it back to a predefined address.
Working on hacking a mobile app that uses NTLM to authenticate to a back-end web service? Make sure to check out Part 1 first. In this blog, we’ll assume we could not crack the password and instead need to relay the Challenge/Response to interact with the API.
Doing a black-box test of a mobile app that uses NTLM authentication to speak to the web service? You may find your typical tools won’t work. Read on for information on intercepting, inspecting, and modifying the API calls. You might even get lucky and crack a clear-text master password.
The XML parsing engine for Plex Media Server’s SSDP/UPNP functionality was vulnerable to an XML External Entity Processing (XXE) attack. This would have allowed attackers to access arbitrary files and capture NetNTLM challenge/response.
This is part two in a series of blogs on cryptocurrencies and security. The goal is to show how passwords can be recovered for encrypted Bitcoin Core (or Satoshi Client) wallets.
This is part one in a series of blogs on cryptocurrencies and security. The goal is to show how your private keys could be extracted from an encrypted USB stick, like a Tails OS persistent volume.
In this post, we will walk through detailed steps to intercept, review, modify, and replay flash-based web apps. For demonstration purposes, I’ve selected a blackjack-style card game.
A real-life example of bypassing UI restrictions in a web application.
Beginner’s guide to intercepting HTTP traffic on Android.