Blog

The passing of Muhammad Ali

I can’t believe it. It’s a little after midnight and I’ve just learned the Muhammad Ali has just passed away. I know that he was old, and I know that he was battling Parkinson’s disease and as naive as it sounds I just couldn’t comprehend the even the possibility of such a man ever passing.

“I […]

By |Uncategorized|0 Comments

The entire Powershell For InfoSec Pros course is now FREE on YouTube!

Hey everyone, I’m writing this blog post to let you know that I’ve put all of my 2015 Powershell For InfoSec Pros courseware on my YouTube channel. Please subscribe to my YouTube channel. I’d really appreciate it.

Here are the videos from this course:

Here is the Pastebin URL for the commands used in this course:
http://pastebin.com/cM8zRq7C

 

Here are […]

The entire Command-Line Malware Analysis course is now FREE on YouTube!

Hey everyone, I’m writing this blog post to let you know that I’ve put all of my 2015 Command-line Malware Analysis courseware on my YouTube channel. Please subscribe to my YouTube channel. I’d really appreciate it.

Here are the videos from this course:

Here is the Pastebin URL for the commands used in this course:
http://pastebin.com/QXURDzmA

 

Here are the virtual […]

The entire Burp Suite course is now FREE on YouTube!

Hey everyone, I’m writing this blog post to let you know that I’ve put all of my 2015 Burp Suite courseware on my YouTube channel. Please subscribe to my YouTube channel. I’d really appreciate it.

Here are the videos from this course:

 

Here is the Pastebin URL for the commands used in this course:
http://pastebin.com/5sG7Rpg5

Here are the virtual machines […]

Compromising WordPress and pivoting to the Internal Network

A few months ago I ran into WordPress on a penetration test. It was a generic web application security assessment, but in this case I was able to compromise the server and move into the internal network. I thought I’d take the compromise walk-through and turn it into a blog post for you guys today. […]

By |Uncategorized|0 Comments

The entire Metasploit course is now FREE on YouTube!

Hey everyone, I’m writing this blog post to let you know that I’ve put all of my 2015 Metasploit courseware on my YouTube channel. Please subscribe to my YouTube channel. I’d really appreciate it.

Here are the videos from this course:
bit.ly/2015AdvancedMetasploit

 

Here is the Pastebin URL for the commands used in this course:
http://pastebin.com/0jC1BUiv

Here are the virtual machines […]

Hackers For Veterans!!!

Today is Veteran’s day and I just wanted to thank all of the wonderful people that have or do serve in the Armed Forces. Regardless of how you may feel about US foreign policy, defense spending, fighting in the Middle East or any area of the world for that matter today is about not about […]

Attacking Dell Foglight Server

I was just talking to someone a little while ago about how rarely I run into Postgres on pentests.  I have however run a postgres based product called Foglight. Ok, so what is a Dell Foglight box? A while back I was on a pentest and ran into one of these.

 

Let’s see…”Dell’s application performance monitoring […]

By |Uncategorized|0 Comments

Using APT tactics and techniques in your pentests

I have a student that has been asking me about internal network penetration testing so I figured I’d write a blog post about it. I was trying to explain to him that there is so much more to it then just popping boxes. Breaking in a machine is easy, the moving around a network and […]

By |Uncategorized|2 Comments

Bypassing Restricted Environments

I just got an email from an old student that is doing a pentest and he asked me about pentesting restricted environments like locked down desktops, citrix, kiosks, etc. I figured I’d put together a blog post on the subject and if people like it I’ll do some more blog posts that go deeper into […]

By |Uncategorized|2 Comments