  • Poking Holes in the Firewall: Egress Testing With AllPorts.Exposed If you have been even remotely in touch with technology in the past thirty years you have probably heard of this thing called a “firewall”. If not, a “firewall” decides what does and does not get to proceed through it. Most organizations have one of these protecting their network from the rest of the Internet. Some organizations place them in the most opportune spots to segment off specific areas of their internal network. The system you are using right now to read this blog post most likely has a firewall built in. The general consensus about what a firewall does is that it keeps “bad stuff” from entering a protected network or system. But firewalls can also keep things from ...
    Posted May 3, 2016, 9:59 AM by DAFT HACK
  • REVIEW: Kali Linux Web Penetration Testing Cookbook I perform pentests against web applications on a regular basis, amongst other types of pentesting including internal network assessments, external network assessments, phishing, wireless, C2, pivot tests and more. In the past two years I've pentested around 40 different web applications for various organizations. I read the Kali Linux Web Penetration Testing Cookbook, and wanted to share my thoughts on the book. TL;DR: This is a great book for introducing webapp attack vectors to new pentesters. There might be a section or two that seasoned pentesters find useful. I felt the author did a great job describing the tools and techniques in the book. The book lacks details on the underlying web protocols, so don't expect to ...
    Posted Mar 29, 2016, 9:13 PM by DAFT HACK
  • Password Spraying Outlook Web Access - How to Gain Access to Domain Credentials Without Being on a Target's Network: Part 2 This is a cross-post from the Black Hills Information Security blog. You can read it here: http://www.blackhillsinfosec.com/#!Password-Spraying-Outlook-Web-Access-How-to-Gain-Access-to-Domain-Credentials-Without-Being-on-a-Targets-Network-Part-2/c1592/56c1f10e0cf2365fef58cce1 This is part two of a series of posts (see part 1 here) where I am detailing multiple ways to gain access to domain user credentials without ever being on a target organization's network. The first method involves exploiting password reuse issues, where a user might have reused the same password they used for their corporate domain account on another external service. The second method is what I think is a far more interesting way of ...
    Posted Mar 9, 2016, 5:21 PM by DAFT HACK
  • Exploiting Password Reuse on Personal Accounts - How to Gain Access to Domain Credentials Without Being on a Target's Network: Part 1 This is a cross-post from the Black Hills Information Security blog. You can read it here: http://www.blackhillsinfosec.com/#!Exploiting-Password-Reuse-on-Personal-Accounts-How-to-Gain-Access-to-Domain-Credentials-Without-Being-on-a-Targets-Network-Part-1/c1592/56c1ebf50cf247e929ac2069 In this series of posts I am going to detail multiple ways to gain access to domain user credentials without ever being on a target organization's network. The first method involves exploiting password reuse issues, where a user might have reused the same password they used for their corporate domain account on another external service. The second method is what I think is a far more interesting way of gathering user credentials that involves discovering ...
    Posted Mar 9, 2016, 4:55 PM by DAFT HACK
  • Stored XSS via Reflected XSS... or How Not to Fix Your Web Application This is a cross-post from the Black Hills Information Security blog. You can read it here: http://www.blackhillsinfosec.com/#!Stored-XSS-via-Reflected-XSS-or-How-Not-to-Fix-Your-Web-Application/c1592/56aa33c40cf289b6a281f44c Cross-Site Scripting (XSS) is a vulnerability commonly found in web applications that allows attackers to inject scripts that will execute in a target’s browser. Oftentimes these vulnerabilities are exploited to gain access to a target’s session tokens. There are a few different flavors of XSS that are known to exist. The most common form we find is Reflected XSS. Reflected XSS is typically found in form fields where the user’s input is reflected back to the browser. For example ...
    Posted Feb 1, 2016, 10:18 AM by DAFT HACK
  • SANS Holiday Challenge 2015 Write-up If you would like to view the PDF version of this write-up, here you go: SANS Holiday Challenge 2015 Write-up PDF. Gnome in Your Home: The 2015 SANS Holiday Hack Challenge. Write-up by Beau Bullock (@dafthack). Table of Contents: Gnome in Your Home: The 2015 SANS Holiday Hack Challenge; Table of Contents; Introduction; Part 1: Dance of the Sugar Gnome Fairies: Curious Wireless Packets; Part 1 Questions and Answers; Part 2: I’ll be Gnome for Christmas: Firmware Analysis for Fun and Profit; Part 2 Questions and Answers; Part 3: Let it Gnome! Let it Gnome! Let it Gnome! Internet-Wide Scavenger Hunt; Part 3 Questions and Answers; Part 4: There’s No Place Like Gnome for ...
    Posted Jan 5, 2016, 7:23 AM by DAFT HACK
  • Pentest Apocalypse Talk This past weekend I spoke at Security BSides Tampa 2015. My talk was about when an organization hires a penetration tester and the tester walks all over the network, effectively causing a “pentest apocalypse”. Below is a video of my talk. Slides link: http://www.slideshare.net/dafthack/pentest-apocalypse Pentest Preparation Guide link: http://bit.ly/1FF33nH
    Posted Feb 26, 2015, 1:10 PM by DAFT HACK
  • How to Crack Password Hashes Efficiently Why Do We Need To Analyze Passwords? To be a part of an information security team at most organizations can be a tough role to play. Being the one who sets a 15-character minimum password policy is even tougher. Organizations should start moving in this direction though. 8-character minimum password policies are not cutting it anymore. If you give a user a chance to make an 8-character password, most of them will. Don’t think that administrative users (e.g. Domain Admins) in your environment are smarter than the rest of your employees and will make smart decisions when choosing a password. I have seen firsthand where a Domain Admin will use the company name in their ...
    Posted Nov 25, 2014, 5:10 AM by DAFT HACK
  • Derbycon 2014 The following are my notes from the talks I attended at Derbycon 2014. Keynotes: Johnny Long - Hackers Saving The World From A Zombie Apocalypse http://www.youtube.com/watch?v=IBAbzS5JlEc Hackers For Charity helped rebuild a village that burned. 200 homes were destroyed. After rebuilding, HFC were able to create jobs for some of the villagers. They started a leather-working shop. Johnny needs help building servers for remote sites to connect back to their computer center. They need 13k for the computer center to operate and 6k for a new hackerspace. UPDATE: At the closing ceremonies Johnny announced that two different individuals approached him at the conference and wrote him checks for both of those numbers. Also, the ...
    Posted Oct 1, 2014, 10:36 AM by DAFT HACK
  • Security BSides Orlando & SANS 2014 Security BSides Orlando 2014: What an awesome week! Last weekend (April 5 and 6) was Security BSides Orlando 2014. So much was packed into just two days. To start out, Kevin Johnson from Secure Ideas gave an awesome keynote touching on the value of certifications and the potential of creating a centralized licensing institution. One example he gave was that for a penetration tester to become "licensed", he would have to perform a real-world pentest and provide a report to a "bar" of InfoSec professionals. This would be an in-person review of the candidate, where they would be asked questions about their testing methodologies to determine if they truly know what they are talking about. After the keynote talk ...
    Posted Apr 13, 2014, 1:28 PM by DAFT HACK