Blog
7MS #599: Baby’s First Responsible Disclosure
Today we talk about our first experience working through the responsible disclosure process after finding vulnerabilities in a security product. We cannot share a whole lot of details as of right now, but wanted to give you some insight into the testing/reporting process thus far, which includes the use of:
- BulletsPassView
- MITMsmtp
- mitmproxy
7MS #598: Hacking Billy Madison – Part 4
Today our good buddy Paul and I keep trying to hack the VulnHub machine based on the movie Billy Madison (see parts 1, 2 and 3). In today's final chapter, Paul and I:
- Find Eric's secret SSH back door
- Locate and decrypt a hidden file with Billy's homework
- Build wordlists with cewl
- Save Billy from the evil clutches of Eric Gordon!!!
7MS #597: Let’s JAMBOREE (Java-Android-Magisk-Burp-Objection-Root-Emulator-Easy) with Robert McCurdy
Today we had a blast talking with Robert McCurdy about JAMBOREE (Java-Android-Magisk-Burp-Objection-Root-Emulator-Easy)! JAMBOREE allows you to quickly spin up a portable Git/Python/Java environment and much more! From a pentesting POV, you can whip up an Android pentesting environment, BloodHound/SharpHound combo, Burp Suite...give it a spin!
7MS #596: How to Succeed in Business Without Really Crying – Part 13
After about a year-long break (the last edition of this series was in October 2022), we're back with an updated episode of How to Succeed in Business Without Really Crying. We cover:
- Why we're not planning on selling the business any time soon
- Fast Google Dorks Scan
- Using ProtonVPN via the command line
- Our pre-first impressions of a pentesting SaaS tool you've almost definitely heard of
7MS #595: Choosing the Right XDR Strategy with Matt Warner of Blumira
Today we're joined by Matt Warner of Blumira (remember him from episodes #551 and #529 and #507?) to talk about choosing the right XDR strategy! There's a lot to unpack here. Are EDR, MDR and XDR related? Can you get them all from one vendor - and should you? Do you run them on-prem, in the cloud, or both? Join us as Matt answers these [...]
7MS #594: Using PatchMyPC to Auto-Update Pentest Dropboxes
Today we're talking about how you can use PatchMyPC to keep your home PC and/or pentest dropbox automatically updated with the latest/greatest patches!
7MS #593: Hacking Billy Madison – Part 3
Hey friends, today Paul and I kept trying to hack the VulnHub machine based on the movie Billy Madison (see parts 1 and 2). In our journey we learned some good stuff:
- Port knocking is awesome using utilities like knock: /opt/knock/knock 10.0.7.124 1466 67 1469 1514 1981 1986
- Sending emails via the command line is made (fairly) easy with swaks: swaks --to eric@madisonhotels.com --from vvaughn@polyfector.edu --server 192.168.110.105:2525 --body "My [...]
7MS #592: 7 Steps to Recover Your Hacked Facebook Account
Today we're talking about 7 steps you can take to (hopefully) reclaim a hacked Facebook account. The key steps are:
1. Ask Facebook for help (good luck with that)
2. Put out an SOS on your socials
3. Flag down the FBI
4. Call the cops!
5. Grumble to your attorney general
6. Have patience
7. Lock it down (once you get the account back)!
Also, I have to say that this article was a fantastic resource in helping me [...]
7MS #591: Tales of Pentest Pwnage – Part 52
Today we talk about an awesome path to internal network pentest pwnage using downgraded authentication from a domain controller, a tool called ntlmv1-multi, and a boatload of cloud-cracking power on the cheap from vast.ai. Here are my chicken-scratch notes for how to take the downgraded authentication hash capture (using Responder.py -I eth0 --lm) and eventually tweeze out the NTLM hash of the domain controller. Let's [...]
7MS #590: Hacking Billy Madison – Part 2
Today Paul and I continued hacking Billy Madison (see part one here) and learned some interesting things:
- You can fuzz a URL with a specific file type using a format like this: wfuzz -c -z file,/root/Desktop/wordlist.txt --hc 404 http://x.x.x.x/FUZZ.cap
- To rip .cap files apart and make them "pretty" you can use tcpick: tcpick -C -yP -r tcp_dump.pcap
- Or tcpflow: apt install tcpflow, then tcpflow -r
- To do port knocking, you can use the [...]
7MS #589: Tales of Pentest Pwnage – Part 51
In today's tale of pentest pwnage we talk about:
- The importance of local admin and how access to even one server might mean instant, full control over their backup or virtualization infrastructure
- Copying files via WinRM when copying over SMB is blocked: $sess = New-PSSession -Computername SERVER-I-HAVE-LOCAL-ADMIN-ACCESS-ON -Credential * ...then provide your creds... and then: copy-item c:\superimportantfile.doc -destination c:\my-local-hard-drive\superimportantfile.doc -fromsession $sess
- If you come across PowerShell code that crafts a secure string [...]