I spoke at the OWASP NY/NJ chapter meeting yesterday, and it was great fun. The presentation is available here. Some people asked me after the presentation for links to the tools I demonstrated, so here goes: Teensy – Can be bought at pjrc.com for $16 Social Engineering Toolkit – created by ReL1K and downloadable here Inception –…
Posts Categorized: Hacking & Pentesting
How to install execstack on Ubuntu Hardy
Execstack is great for exploit development tutorials and training on Linux operating systems, as it marks the stack as executable. To install it on Ubuntu 8.04 Hardy, issue the following command in a terminal: sudo apt-get install prelink
Video – Hacking OS X FileVault2 over Thunderbolt with Inception
I’ve created a short video showing how to attack OS X Lion with FileVault2 enabled using my tool, Inception. In the video, I attack a fully patched Mac OS X Lion machine with full-disk encryption enabled (FileVault2), while the machine is powered on and a user is logged in. Using Inception, I am able to dump…
Adventures with Daisy in Thunderbolt-DMA-land: Hacking Macs through the Thunderbolt interface
We security folks often feel like we are regurgitating the same type of security issues over and over again, just in new contexts. So depending on how you look at it, this is “old new” or “new old” news. Nevertheless, I thought it would be a good idea to take it down from speculation to…
Hey corporations: Provide an easy way to disclose vulnerabilities to you!
Lately I’ve seen several cases where people openly discuss discovered web vulnerabilities in big corporations’ web sites, often disclosing technical details, because the person who discovered them didn’t find, or didn’t bother looking hard enough for, a phone number or email address for the relevant security response team. Even though some of the cases above are…
Fire through the wire
Update: FTWAutopwn is now named Inception. I’ve created a standalone page for the tool here; please refer to that page for updates on the tool. For the last few days I’ve been working on an alternative to winlockpwn (unlocking locked Windows boxes through FireWire SBP2 DMA) using libforensic1394. Now I’ve released an alpha version of the tool, Fire…
Alternative to winlockpwn: libforensic1394
A couple of days after demonstrating winlockpwn I came across libforensic1394, a full C library with full Python bindings for leveraging the SBP2 FireWire (IEEE 1394) DMA feature to perform memory dumps and live patching of physical memory. It works like a charm, and it is much more stable than the old winlockpwn hack. This is…
winlockpwn on Ubuntu
Update: I’ve released a tool at github called Inception, which uses libforensic1394 to unlock Windows XP, Vista and Windows 7 boxes. IMNSHO, it is much more stable than winlockpwn, easier to use and works against a wider spectrum of target operating systems. Quite regularly I’m being asked to demonstrate the FireWire attack made by MetlStorm aka…
SHODAN – a banner grabbing search engine
Just got a tip about this search engine – SHODAN. SHODAN is basically a banner grabbing search engine: It scans the Internet for machines running services on common ports, contacts these and stores the banners that it gets in return. It makes these banners publicly searchable. Banners are not sensitive information, but they often contain…
pwnmaps – A tool to parse nmap NSE output into something useful
I’ve been using the nmap NSE scripts a lot recently in pentests, and I find the results from many of the scripts invaluable, like smb-enum-users. This script uses some ninja tricks to make the machines spill out all their users using null sessions. Although the scripts are great, the nmap output format to stdout is…