Here is a pretty neat trick I learned sometime ago using NTSD (from my good friend @_MC_).  NTSD (Microsoft NT Symbolic Debugger) is a debugger that is packaged as part of Windows.  You can find ntsd.exe in your system32 directory. This little trick works by setting up the victim machine as a server using the -server flag.  This allows the debugging server…

Introduction In this blog post we will look at some of the differences between a several of the most widely used Debuggers/Disassemblers.  This post is by no means exhaustive.  It is meant as a brief overview to give people new to reversing a “quick start” guide.  If there is anything that I may have missed…

Remember those good ole days in the sandbox? Where you threw stuff around learned where the sand goes and… doesn’t go? Well we’ve graduated from the sandbox, but our hearts and minds are still wired to play there. Maybe that’s why we love offsec, let’s get to the point though… We made a lab. We…

Today HD Moore and Rapid7 announced that Rapid7 has purchased the Metasploit Framework Project. The speculation around this has taken the pentest and vulnerability scanning community by storm. After talking with some colleagues I have come up with the following, here’s some things you should know: First, be happy for H.D. Moore. He is one…

Today I rebuilt my Windows 7 partition. Amidst flurry of backing up I forgot to save my Firefox profiles. I figured this was a good time to review what I use addons-wise for all my day to day hacking needs. First things first, most of these addons will have compatibility issues. To update a Firefox…

Pentesters love passwords. It’s great for us that the keys to the kingdom lie in something the user usually chooses and most often chooses insecurely. Wikipedia tells us that “A password is a secret word or string of characters that is used for authentication, to prove identity or gain access to a resource. The password…

In case you didn’t see it, Rob Ragan (HP security) had an awesome presentation on filter evasion and his tool  on the IronGeek.com website. Check it out. The audio is a little low, might need to turn up the volume. Slides here : http://tinyurl.com/n86w4o

So you’re on a social engineering test… and you need to target some users for spear phishing. Previously we’ve used theHarvester and metasploit for this, but I’ve now fully switched over to esearchy by Matias P. Brutti. Install on BT5: Let’s Pick on Valve (for no particular reason): Output for Social Profiling” There a lot…

Bruting web forms usually is part of a web app assessment. We love to use Hydra, Medusa, or Wfuzz for this but we recently stumbled across a tool that makes it much easier.  It’s called Fireforce. It’s a Firefox extension that gives you point and click bruting. We ran it in our labs with about a…

This blog is a cursory breakdown of defeating less advanced jailbreak detection code. There are several ways to employ jailbreak detection in a security conscious mobile  application. Many of easier-to-defeat methods involve checking the iOS file system to see if any jailbreak relevant files exist. If we need test an application that employs this type of protection, we need to figure…