-
NTSD Backdoor
Here is a pretty neat trick I learned sometime ago using NTSD (from my good friend @_MC_). NTSD (Microsoft NT Symbolic Debugger) is a debugger that is packaged as part of Windows. You can find ntsd.exe in your system32 directory. This little trick works by setting up the victim machine as a server using the -server flag. This allows the debugging server…
-
New to reversing? The differences between IDA Pro, ImmDBG and OllyDBG
Introduction In this blog post we will look at some of the differences between a several of the most widely used Debuggers/Disassemblers. This post is by no means exhaustive. It is meant as a brief overview to give people new to reversing a “quick start” guide. If there is anything that I may have missed…
-
Network Pentest Lab
Remember those good ole days in the sandbox? Where you threw stuff around learned where the sand goes and… doesn’t go? Well we’ve graduated from the sandbox, but our hearts and minds are still wired to play there. Maybe that’s why we love offsec, let’s get to the point though… We made a lab. We…
-
Metasploit Buyout
Today HD Moore and Rapid7 announced that Rapid7 has purchased the Metasploit Framework Project. The speculation around this has taken the pentest and vulnerability scanning community by storm. After talking with some colleagues I have come up with the following, here’s some things you should know: First, be happy for H.D. Moore. He is one…
-
Hacking with your Browser
Today I rebuilt my Windows 7 partition. Amidst flurry of backing up I forgot to save my Firefox profiles. I figured this was a good time to review what I use addons-wise for all my day to day hacking needs. First things first, most of these addons will have compatibility issues. To update a Firefox…
-
Password Attacks – Saving Time for the Fun Stuff
Pentesters love passwords. It’s great for us that the keys to the kingdom lie in something the user usually chooses and most often chooses insecurely. Wikipedia tells us that “A password is a secret word or string of characters that is used for authentication, to prove identity or gain access to a resource. The password…
-
Filter Evasion – Houdini on the Wire
In case you didn’t see it, Rob Ragan (HP security) had an awesome presentation on filter evasion and his tool on the IronGeek.com website. Check it out. The audio is a little low, might need to turn up the volume. Slides here : http://tinyurl.com/n86w4o
-
esearchy – my new favorite OSINT script
So you’re on a social engineering test… and you need to target some users for spear phishing. Previously we’ve used theHarvester and metasploit for this, but I’ve now fully switched over to esearchy by Matias P. Brutti. Install on BT5: Let’s Pick on Valve (for no particular reason): Output for Social Profiling” There a lot…
-
Easy, breezy, beautiful, password attacking…
Bruting web forms usually is part of a web app assessment. We love to use Hydra, Medusa, or Wfuzz for this but we recently stumbled across a tool that makes it much easier. It’s called Fireforce. It’s a Firefox extension that gives you point and click bruting. We ran it in our labs with about a…
-
Defeating iOS Jailbreak Detection
This blog is a cursory breakdown of defeating less advanced jailbreak detection code. There are several ways to employ jailbreak detection in a security conscious mobile application. Many of easier-to-defeat methods involve checking the iOS file system to see if any jailbreak relevant files exist. If we need test an application that employs this type of protection, we need to figure…