Pass The Hash

One of my most used and favourite tools on any infrastructure test. Keimpx is a fantastic little tool which allows the spraying of Windows password hashes to a host or a list of multiple hosts to test for valid credentials. Once it finds a valid match it offers the ability to gain a reverse shell to the remote host.

Recent Articles
Jul 22 – Pass The Hash
Jul 4 – Pen Testing Scripts

It has been a long time since I have posted on the blog, I have been very busy! I have created quite a few new scripts over the last year that I have finally shared and also have updated a few. These typically are scripts I have made for specific jobs I have been to […]
May 17 – ICMP Shell Fun

Every now and then you will be onsite and find a locked down environment and no outbound internet access or DNS from the client systems, but the client systems can ping outbound to the internet. I haven’t up until now needed to do much with ICMP on jobs, as normally there are other ways out. But on a recent internal job […]
May 7 – AV0id – Anti-Virus Bypass Metasploit Payload Generator Script

Introducing a simple script I have created to bypass most Anti-Virus products. This script is based on scripts I used whilst attempting to avoid A.V, credit to all authors of the mentioned scripts below for their research and work. This was just a very quick script I put together to make life a bit easier. […]
Jan 9 – Ipad Extra Screen

Whilst working onsite today I was rather jealous of a colleague who had a nice fold flat USB external LCD for his laptop. It is always tricky when onsite and have multiple windows open or reading/writing reports etc so this looked like a great idea. I thought I will order one of those, then I remembered I […]
Dec 19 – LazyMap – Lazy Nmap Scanning Script

Introducing LazyMap, a new script I have been working on. What does it do? It is simply a bash script that automates the NMAP tool to assist with internal network scans. Why use it? Anyone who has worked in a cold data centre will appreciate that running NMAP over many VLANs with cold hands […]
Dec 18 – Mobile Phone Signal Boost – Three

A non security related post, but it might help others. I am currently with the Three network provider for my phone. I get a good 3G signal, but really struggle with signal in my house for txts and calls. Normally I will either have 1 signal bar or no signal at all. I was aware […]
Sep 15 – Unquoted Service Paths

I have been playing with unquoted service paths/trusted paths the last few days and thought I would write something up. Credit to Gavin Jones who introduced me to this issue, which to be honest I hadn’t heard of before and I normally only checked cacls and permissions of services. What is the issue? Basically it is related to the path […]
Jul 26 – Rural Broadband Vs 3G

I thought I would share a very cool device which really has improved my internet speeds. It is not security related, but often I post about things that I come across that are good. I live in quite a rural location and I am a long distance from the local B.T telco phone exchange and there no […]
Jun 9 – Wireless Password Cracking With Cloud Clusters

Recently I have been a bit frustrated with cracking wireless keys and was looking for better ways to improve the speed. I decided to set up an Amazon Ec2 cluster to give that a go at cracking WPA handshakes and also to improve general password cracking with John the Ripper. It can be quite annoying gaining […]
Jun 2 – Cisc0wn – Cisco SNMP Script

I have created a new script that you might find useful. Cisc0wn is simply a bash script that pulls various tools and enumeration into one simple command for ease, so is not really a tool in itself. It doesn’t do anything extra that you can’t already do, it just saves running several different tools […]