Our Blog

Mallet, a framework for creating proxies

Reading time: ~17 min
Posted by Rogan Dawes on 08 June 2018
Categories: Analysis, Build-it, Interception, Mitm, Tools, Tricks
Thanks to IoT and other developments, we’re having to review more and more non-HTTP protocols these days. While the hardware...

Recreating certificates using Apostille

Reading time: ~3 min
Posted by Rogan Dawes on 06 October 2017
Categories: Build-it, Burp, Bypass, Certificates, Crypto, Mitm, Tools, Tricks
Sometimes on an engagement, you’d like to construct a believable certificate chain, that you have the matching private keys for....

Something about sudo, Kingcope and re-inventing the wheel

Reading time: ~5 min
Posted by george on 27 May 2013
Categories: Backdoor, Fun, Howto, Infrastructure, Internals, Linux, Local, Post-exploitation, Shells, Silly-yammerings, Tricks
Willems and I are currently on an internal assessment and have popped a couple hundred (thousand?) RHEL machines, which was...

Client Side Fingerprinting in Prep for SE

Reading time: ~3 min
Posted by Dominic White on 16 January 2013
Categories: Footprinting, Howto, Skype, Tricks
On a recent engagement, we were tasked with trying to gain access to the network via a phishing attack (specifically...

Skype Passive IP Disclosure Vulnerability

Reading time: ~2 min
Posted by vlad on 26 November 2012
Categories: Privacy, Skype, Tricks
When performing spear phishing attacks, the more information you have at your disposal, the better. One tactic we thought useful...

Decrypting Symantec BackupExec passwords

Reading time: ~1 min
Posted by behrang on 05 March 2010
Categories: Crypto, Reversing, Tricks
BackupExec agent is often among common services found on the internal pen tests. The agent software stores an encrypted “logon...