Acquiring volatile memory from Android based devices with LiME Forensics, Part I
By Ismael Valenzuela. Up until now, most of the Android forensics research has been focused on areas like the acquisition and analysis of the internal flash NAND memory, SD Cards, understanding the...
Circumventing Internet Censorship
By Kunjan Shah. During my first engagement at Foundstone I tested a web filtering software and we found several ways of bypassing it. With the recent news around SOPA and the controversy around Indian...
Installing Lorcon2 on Backtrack 5 R2
By Robert Portvliet. Recently I wanted to play around with some of the wireless DoS and fuzzing tools in Metasploit, which requires the installation of Lorcon2. I found this to be a bit of an adventure so...
A Quick Overview of Google Web Toolkit Application Security
By Vijay Agarwal. In one of my recent engagements I got an opportunity to work on an application which uses Google’s Web Toolkit (GWT). GWT is an open source Java framework used to create rich internet...
Mallory MITM + FIX SSL Decryption
by Paul Ambrosini. Recently, I was faced with testing a Java-based thick client that communicates using the “Financial Information eXchange” protocol, also known as “FIX”. (The protocol is documented...
Phishing 101 - Subject: Access Blocked
By Jerry Pierce. Give a man food, and he’ll eat for one day – teach a man to PHISH and he’ll use your credit card to live a lifetime. Well, at least until you notify your bank… Earlier this week, Brad...
Am I pwn3d? Windows *Native* Tool Triage
By Tony Lee and Jerry Pierce. So, you are surfing the web, checking your email, and performing other daily tasks… $#@!, you just realized you clicked a link, opened an attachment, or visited a site...
Saving Fiddler Sessions on Exit
By Neelay Shah. If you are like me and love to use Fiddler frequently, it can be incredibly frustrating at times when you close Fiddler by mistake or in a hurry and all your work is lost since Fiddler...
Am I pwn3d? Windows *Non-Native* Tool Triage
By Tony Lee, Jerry Pierce, and Vijay Agarwal. This is a continuation of our previous article on performing a Windows triage--however this time we will try to avoid using native Windows tools. Note that...
Getting Started with GNU Radio and RTL-SDR (on Backtrack)
By Brad Antoniewicz. In this blog post I'll aim to get you at least partially familiar with Software Defined Radio, the Realtek RTL2832U chipset, and provide Backtrack 5 R2 setup and usage instructions...
Using Mimikatz to Dump Passwords!
By Tony Lee. If you haven't been paying attention, Mimikatz is a slick tool that pulls plain-text passwords out of WDigest (explained below) interfaced through LSASS. There are a few other blogs...
Hack Tips: CiscoWorks Exploitation
by Tony Lee. This article is the third in a series (See Hack Tips: Blackberry Enterprise Server and Hack Tips: Good For Enterprise) covering, step-by-step, practical post-exploitation tips that can be...
Fun with Firebird Database Default Credentials
by Tony Lee. I have had a few internal network penetration tests now in which I came across the following finding identified by McAfee Vulnerability Manager (MVM): "Firebird SQL Default Credentials...
Sniffing on the 4.9GHz Public Safety Spectrum
By Brad Antoniewicz. Probably the most important thing to mention about the 4.9GHz spectrum is that you need a license to operate in it! If you don't have a license (I'm pretty sure you don't) - IT MAY...
A Simple USB Thumb Drive Duplicator on the Cheap
By Tony Lee and Matt Kemelhar. You may have had to shop for a USB duplicator for some reason or another and noticed that they can be quite expensive and the product reviews are not always very...
Detecting File Hash Collisions
By Pär Österberg Medina. When investigating a computer that is suspected of being involved in a crime or that might be infected with malware, it is important to try to remove as many known files as...
Proxying Android 4.0 ICS and FS Cert Installer
By Paul Ambrosini. The first step to testing Android applications is to inspect the application’s traffic. If the application uses SSL encryption, this requires forcing the app to use an intermediate...
UnBup - McAfee BUP Extractor for Linux
By Tony Lee and Travis Rosiek. These days, antivirus is a must-have due to the ubiquity of adware, malware, viruses, and worms—yes, even if you are running a Mac. ;) Antivirus does a good job catching...
Can You Break My CAPTCHA?
By Gursev Kalra. I wrote a simple CAPTCHA scheme and wanted to share it with the awesome security community as a CAPTCHA breaking exercise. To solve the CAPTCHA an individual (or machine) will have to...
Simple but Extremely Useful Windows Tricks
By Tony Lee and Matt Kemelhar. Navigating Windows in the most efficient manner possible can be seen as wizardry-- it almost seems as if Microsoft tries to make it increasingly more difficult to...