My adventures in infosec. Pentesting, red teaming and the rest of it.

Reverse shell over UDP using PowerShell

My post is really to remind myself that this exists. The hard work was done on back in 2015. I found that this worked for me well. First the code from that blog (only slightly modified): Note 1: if you use the code from the git repository it will be caught by Windows Defender…More

Keep reading

Beating a Master Lock (key box)

I moved house a while back and the place came with one of those Air BnB style key boxes on the front made by Master Lock. There was nothing in the handover about it and it was likely that it had belonged to the previous previous owners as it looked unloved for a long time.…More

Keep reading
A hatchet taking 1000s of cuts to cut down a tree

Finding Missing Patches the hard way

In this post I present a short piece of PowerShell that helped me find missing patches in a .net application. The target was a thick client where source code was not provided. Almost everything has outdated dependencies and the goal for me is to see if any of them will provide an obvious way to…More

Keep reading

Java giving more shells on everything

Back in 2018 I blogged about how java gives a shell for everything, and also how to compile in memory as an AV Evasion technique. Some of these techniques have now been added into gtfo bins, and heroes even integrated them into metasploit. In this post I go through the most recent JDK/JRE and look…More

Keep reading

Grabbing NTLM hashes with Responder then what?

Local networks have lots of things on them that we as penetration testers can exploit. In a Windows environment there are often protocols (LLMNR and NBT-NS) which can be easily exploitable. Effectively you are running a man in the middle attack and using that to intercept traffic being sent by users in order to capture…More

Keep reading


Something went wrong. Please refresh the page and/or try again.