Entropy is not what it used to be.

  • Quick SSH security tips

    Just a quick post about a page I stumbled across, which I mainly want to keep in my bookmarks. I was talking to some people about securing public-facing SSH servers; and while we have the obvious ones (only allow SSH protocol 2, disable root logins, use keypairs instead of passwords, implement fail2ban), when researching how to make internet…
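    The first three of those points live in sshd_config, so they can be checked mechanically. The script below is an added example for this post, not code from the linked page or from the author: it parses the global section of an sshd_config (first occurrence of a directive wins, as sshd does; conditional Match blocks are ignored) and reports which of the hardening directives are missing or set to something other than the expected value. Both config texts are constructed for the demo. fail2ban is a separate daemon and cannot be checked here; a missing directive is reported as "not set explicitly" rather than assuming a default, because the OpenSSH defaults differ between releases.

```python
import re

# Directive -> value a hardened public-facing sshd should carry.
# Protocol only matters on old releases that still offer SSH1; newer
# OpenSSH ignores it, but flagging "2,1" is still the right call.
WANTED = {
    "Protocol": "2",
    "PermitRootLogin": "no",
    "PasswordAuthentication": "no",
    "PubkeyAuthentication": "yes",
}


def parse_sshd_config(text):
    """Return {directive_lowercase: value} for the global section.

    sshd uses the first occurrence of a directive, so later duplicates are
    ignored; everything after the first 'Match' line is conditional and is
    skipped. Comments and blank lines are dropped; 'Key value' and
    'Key=value' are both accepted.
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":
            break
        settings.setdefault(key, value)
    return settings


def audit_sshd_config(text, wanted=WANTED):
    """Return a list of human-readable findings; empty means all checks pass."""
    settings = parse_sshd_config(text)
    findings = []
    for key, expected in wanted.items():
        actual = settings.get(key.lower())
        if actual is None:
            findings.append(f"{key} not set explicitly; add '{key} {expected}'")
        elif actual.lower() != expected.lower():
            findings.append(f"{key} is '{actual}', expected '{expected}'")
    return findings


# Constructed sample: a typical "it works" config (weak).
WEAK_CONFIG = """\
Port 22
Protocol 2,1
PermitRootLogin yes
#PasswordAuthentication no
Match User backup
    PasswordAuthentication no
"""

# Constructed sample: the same server with the directives set explicitly.
HARDENED_CONFIG = """\
Port 22
Protocol 2
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"[{name}]")
        for finding in audit_sshd_config(cfg) or ["OK"]:
            print("  " + finding)
```

    Note that the commented-out PasswordAuthentication line and the one inside the Match block do not count: the first is ignored by sshd and the second only applies to the backup user, which is exactly the kind of thing a quick eyeball of the file tends to miss.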

  • Testing phishing scenarios

    When I joined my company, I was asked to perform a few social engineering assessments for private and government customers alike. Previously, the assessments being done were mostly measuring the number of people who would click a link in a spoofed e-mail, regardless of the damage. But I wanted to step things up a bit,…

  • Cross Window Redirect slides

    Khaled and I just gave a talk at OWASP Qatar about tricks you can do with the Cross Window Redirect, and how it can help you in phishing attacks. A few people asked for the slides, so I thought I'd link to them here. The Cross Window redirect from Michael Hendrickx The PoC links are:…

  • The fake CC conversation

    During social engineering exercises, one of the difficulties we face is getting a person to click a link or open an attachment. For the past few decades, we haven't seen many changes in it. A rather *sad* part, even: a few days ago, Cisco researchers wrote about a quite aggressive piece of malware, Rombertik. While being…

  • Filtering password lists due to policies

    Sometimes, when you're performing a password brute-force attack, either against local hashes or remotely against a service, you could use password lists rather than a pure (incremental) brute force. People are most likely to use dictionary words, names, keyboard combinations or anything related to them. These password lists can be found anywhere online. The problem…
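    A wordlist that ignores the target's password policy wastes attempts on candidates the policy would have rejected at set time. The following is an added example for this post, not the author's script: it filters a wordlist against a policy expressed as minimum and maximum length, a required number of character classes (lower, upper, digit, special) and a list of banned substrings, and drops duplicates while preserving order. The wordlist and the policy values are constructed for the demo.

```python
def char_classes(word):
    """Return the set of character classes present in word."""
    classes = set()
    for ch in word:
        if ch.islower():
            classes.add("lower")
        elif ch.isupper():
            classes.add("upper")
        elif ch.isdigit():
            classes.add("digit")
        else:
            classes.add("special")
    return classes


def meets_policy(word, min_len=8, max_len=64, min_classes=3, banned=()):
    """True if word could exist under the given policy.

    banned: substrings (case-insensitive) the policy rejects, e.g. the
    company name or the username; most policies have such a rule.
    """
    if not (min_len <= len(word) <= max_len):
        return False
    if len(char_classes(word)) < min_classes:
        return False
    lowered = word.lower()
    return not any(b.lower() in lowered for b in banned)


def filter_wordlist(lines, **policy):
    """Keep wordlist entries that satisfy the policy; dedupe, keep order.

    lines may come straight from open(path) -- trailing newlines are
    stripped, empty lines are skipped.
    """
    seen = set()
    kept = []
    for line in lines:
        word = line.rstrip("\r\n")
        if not word or word in seen:
            continue
        if meets_policy(word, **policy):
            seen.add(word)
            kept.append(word)
    return kept


# Constructed sample wordlist, as it might be read from a file.
SAMPLE_WORDLIST = [
    "password\n", "Password1\n", "P@ssw0rd\n", "letmein\n", "Summer2015!\n",
    "qwerty\n", "Qwerty123\n", "Welcome1!\n", "Welcome1!\n", "acmecorp2015\n",
]

# Constructed policy: 8+ chars, three classes, company name not allowed.
SAMPLE_POLICY = {"min_len": 8, "min_classes": 3, "banned": ("acme",)}

if __name__ == "__main__":
    for word in filter_wordlist(SAMPLE_WORDLIST, **SAMPLE_POLICY):
        print(word)
```

    Run as a filter (`python3 filter.py < rockyou.txt > filtered.txt` after swapping the sample list for `sys.stdin`) and feed the output to john or hashcat; for an online attack the reduction is what keeps you under the lockout threshold.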

  • KeyWalking: pattern based passwords

    TL;DR: download the script here. In security audits, even though we may already have admin or root access on the target, we usually grab the password file for offline cracking, just to see if there are any passwords that users re-use, which would give us more access to other systems.…

  • MS15-034 online checking tool

    A friend and colleague of mine, Bhadresh, made a quick page to check whether your IIS site is vulnerable to MS15-034 (CVE-2015-1635), the HTTP.sys remote code execution vulnerability. Check now, and make sure you don't fall into the hands of blackhats. You can test it at: http://sys.flurk.org/ms15-034/

  • The need for emergency access codes

    "I have nothing to hide." is one of the more recent empty responses when conversing about privacy. We're not all criminals, but we all have something to hide. Whether it's a snoopy spouse, an unfair employer or a threatening government, cellphones are now, more than ever, secured against physical access. Having a PIN code on…

  • Brocade brute forcer

    During a pentest, I needed to test a Brocade SAN switch. Since the Java Web Start client was quite slow, and I couldn't find an existing script, I quickly put this together to brute-force passwords: brocade_brute.rb

  • Install Burp CA certificate on Android Emulator

    Some people ask me how they can "hijack" HTTPS API calls from an Android app. One of the best ways is to use PortSwigger's free Burp Suite, and intercept all traffic between your app and the server. One of the problems is: how do you add Burp's CA certificate to your Android (emulator)? Burp's help…
