JavaScript is heavily used in almost all modern web applications. Knowing how to format a .js file, set breakpoints, and alter a script’s logic on the fly can be very helpful when working with web applications. To start, let’s navigate to a website and view the application’s resources. For our example, we are using the…
Read
Analyze the balance between gaining useful information and avoiding detection, detailing recon techniques that can be employed without compromising stealth. Rob Joyce, who at the time was Head of the NSA’s Tailored Access Operations group, had this great quote from a 2016 USENIX talk: “We put the time in to know that network. We put…
Read
Having small XSS payloads or ways to shorten your payloads ensures that even the smallest unencoded output on a site can still lead to account compromise. A typical image tag with a onerror attribute takes up around 35 characters by itself. <img src=1 onerror=”alert(‘XSS’)”> If you would like to prove you can steal credentials or…
Read
THIS POST WAS WRITTEN BY @NYXGEEK Intro Password recovery tool hashcat ships with a bunch of great rules, but have you actually looked at them? Being familiar with the built-in rules can help enhance your cracking capabilities and enable you to choose the right rule or rule combination. via GIPHY So where are these rules anyways?…
Read
Introduction People have asked numerous times on Twitter, LinkedIn, Discord, and Slack, “Leo, how do I get into Detection Engineering?” In this blog, I will highlight my unique experience, some learning resources you might want to get your hands on (all free or low cost), and extras that have helped me overall. I’m currently a…
Read
Since moving to an offensive security role, I have always wanted to use SSH port forwarding through a Cisco router during a Penetration Test. However, the SSH implementation on a Cisco device does not provide the ability to customize the sshd_config file permitting port forwarding. Although there is the possibility of leveraging network address translation…
Read
1.1 Prerequisites As discussed in the previous blog post, an Android emulator was set up for testing a mobile application. Some of the most common tools were configured to see the application’s environment details and start probing for potential flaws. If you followed my previous post, you should now have a lab set up with…
Read
Every now and again, I see a crazy tweet that feels like it just can’t be true. Many of them are not true or are folks making overblown statements about something cool they found—this is part of the research game, and folks are entitled to be excited about what they are learning. Recently, however, I…
Read
This blog post was co-authored with Charlie Clark of Semperis. 1 Introduction At SANS Pen Test HackFest 2022, Charlie Clark (@exploitph) and I presented our talk ‘I’ve Got a Golden Twinkle in My Eye‘ whereby we built and demonstrated two tools that assist with more accurate detection of forged tickets being used. Although we demonstrated…
Read
Introduction I hope I don’t sound like a complete n00b, but what or who or where is a BOF? All the cool kids are talking about it, and I just smile and nod. Is he the newest Crypto billionaire, or is a meetup for like-minded hackers, or is it some other 1337 slang? I understand…
Read