Grabbing NTLM hashes with Responder then what?

Local networks have lots of things on them that we as penetration testers can exploit. In a Windows environment there are often protocols (LLMNR and NBT-NS) which can be easily exploitable. Effectively you are running a man in the middle attack and using that to intercept traffic being sent by users in order to capture… Continue reading Grabbing NTLM hashes with Responder then what?

Network Adapter names in Windows for Hackers

Sometimes you will need to test from a Windows environment. To cite merely two examples: if you have busted out of a Citrix locked down environment and are now installing tools; or if the customer wants you to simulate a rogue internal user with one of their Workstations (I love doing this personally!). These come… Continue reading Network Adapter names in Windows for Hackers

Jython and it’s java.nio.charset.UnsupportedCharsetException

  I have been working on an Extender for Burp Suite (a local proxy which allows you to check for common problems and security weaknesses). While the proxy is written in Java it is common for the Extender's to be made in Python. Jython is the glue that keeps Java and Python working. My Extender… Continue reading Jython and it’s java.nio.charset.UnsupportedCharsetException