Windows DLL Injection Basics
By Brad Antoniewicz. DLL Injection is one of those things I've always sort of known about but never actually implemented. Probably because I never *really* needed to. I'm not a big gamer and not really...
Deobfuscating Potentially Malicious URLs - Part 1
By Tony Lee. When investigating network security incidents, there are two artifacts of malicious activity that require a great deal of research: Suspicious sites and suspicious files. Obviously, the...
Getting Started With Lock Picking
By Jason Bevis and Brad Antoniewicz. Lock picking is a hobby I first picked up many years ago and seem to always regain interest in. There's just something about being able to open a lock without a key...
Deobfuscating Potentially Malicious URLs - Part 1 Solution
a.k.a. Fun with Google Redirects By Tony Lee. Hopefully you read last week’s blog post titled Deobfuscating Potentially Malicious URLs - Part 1. In that article, we left you with a little challenge. We...
Attributing Potentially Malicious URLs - Part 2
by Tony Lee. This is the second part of a three part series covering how to handle potentially malicious URLs and IP addresses without getting burned by directly communicating with them. We'll cover...
Evaluating Potentially Malicious URLs - Part 3
by Tony Lee. This is the final part of a three part series covering how to handle potentially malicious URLs and IPs. In Part 1, Deobfuscating Potentially Malicious URLs, we laid the groundwork by...
Configuring SET to Bypass Outbound Filters and Own the Day
By Melissa Augustine and Brad Antoniewicz. The Social Engineering Toolkit (SET) is a great, easy to use tool for combining social engineering attacks with Metasploit’s extensive framework. However, SET...
Forwarding SMS to Email on [Jailbroken] iOS
by KrishnaChaitanya Yarramsetty. As with most ideas, this one also took shape out of necessity to reduce manual work and dependencies in various scenarios. This blog post shows one of the many ways to...
Evaluating OData Applications
By Gursev Kalra. I was recently evaluating a SaaS provider's OData application, evaluating how its endpoint client application communicated via OData to its backed servers. The client application...
Unreal Tournament 99 Server On Ubuntu 12.04 (AWS)
By Brad Antoniewicz. We do a lot of "team building" at Foundstone - it comes in all varieties. This week's activity was an Unreal Tournament LAN Party, and I figured I'd share the setup in case anyone...
Sniffing Traffic on the Wire with a Hardware Tap
By JP Dunning. Capturing network traffic is a great way to learn more about a target network, harvest credentials, and even monitor user habits. In the Wi-Fi world, it’s easy: simply specify a channel...
Hacking EAP-FAST Phase 0 with hostapd-wpe
By Brad Antoniewicz. EAP-FAST (Flexible Authentication via Secure Tunneling) [RFC 4851] is an EAP-Type developed by Cisco "to support customers that cannot enforce a strong password policy and want to...
Creating, Extracting, and Signing JARs
By Raakesh T. Java Archive (JAR) is a cross-platform archive file format used to compress and bundle multiple files (e.g. Java class files), metadata and resources into a single file with the .jar file...
Setting up your Hacking Playground - VMWare vs HyperV
By Tony Lee. I am beginning to think that it is a universal truth that geeks love to build some sort of playground or work area for their experiments. Whether that is physical or digital, it becomes a...
Setting up your Hacking Playground - Hyper-V Quick Setup [Part 2]
By Tony Lee. In the first part of this series, we did a high-level comparison between free versions of VMWare ESXi and Microsoft’s Hyper-V. In this part, we will explore the insane (and absurd) challenge...
Setting up your Hacking Playground - Hyper-V Quick Use [Part 3]
By Tony Lee. In the first part of this series, we did a high-level comparison between free versions of VMWare ESXi and Microsoft’s Hyper-V. Next we highlighted the difficult challenge that exists when...
Fixing SSLv2 Support in Kali Linux
by Pat McCoy. I recently needed to check for SSLv2 support on several systems. Unfortunately, I found that the version of OpenSSL that is installed by default on Kali Linux doesn’t support SSLv2 and...
Forensics Investigations: Do not forget the database!
by Daniel Caban and Christiaan Beek. In our investigations it is typical for us to see an attacker use an exploit to first compromise a web server, then launch further attacks against the internal...
Reversing Basics Part 1: Understanding the C Code
By Robert Portvliet. This is the first in a series of blog posts which will cover basic reversing of a very simple program written in C. The first post will walk through the simple C program and...
Reversing Basics Part 2: Understanding the Assembly
By Robert Portvliet. This is the second blog post in a four part series. In the first post, we reviewed the structure of a simple C program. In this installment, we will cover disassembling this...