Code, Hack, Tech
Social engineering, in particular through the medium of email, is very likely the greatest threat to an average organization. While 0-days do come around and pose real threats to organizations and many of them do not implement strong patch management programs, phishing is simply easier and more effective for the…
1 CommentTheHarvester I’m going to present this tool in two ways to show simultaneously how cool this utility is and the slightly less impressive way it is actually done: What appears to happen: Type in a username, receive a list of sites that user exists as a member. Type in a…
Leave a CommentIntroducing Battalion Over the past 2.5 months a friend – @eidolonpg – and I have been working on a tool which was spawned from the previous articles written here. If you’ve read the past few posts have been about ‘Reconnaissance’ and, lately, chaining various recon tools together you’ll understand how this…
Leave a CommentGobuster TheColonial wrote a really cool tool called Gobuster which is similar to fierce but programmed in Go. I wanted to include it here because I tend to have better performance using this tool than fierce, by a LOT. Gobuster can be found on github here. There are a few issues to…
Leave a CommentThis series is about setting up a recon machine in the cloud, using some basic tools, and diving in to the recon process! As I move my career in to the security space I want to document my process. Part of this involves testing various utilities and trying my hand at…
Leave a CommentImageMagick is a server-side image processing engine which is very widely used. Some functions include compressing/resizing submitted images (profile pictures, for instance) to standardize files in the server’s database. Some of the popular image processing plugins in php, ruby’s rmagick, and others use ImageMagick’s platform. Before going further, here’s a…
Leave a CommentWhat is it? DROWN (Decrypting RSA with Obsolete and Weakened eNcryption) is a recently discovered (March 2016) vulnerability in SSL/TLS which can allow attackers to break the security SSL and TLS are supposed to provide and acquire the newly decrypted data. The flaw exploits servers which still support encryption services…
Leave a Comment