Local networks have lots of things on them that we as penetration testers can exploit. In a Windows environment there are often protocols (LLMNR and NBT-NS) which can be easily exploitable. Effectively you are running a man in the middle attack and using that to intercept traffic being sent by users in order to capture… Continue reading Grabbing NTLM hashes with Responder then what?
It is with regret that I am writing this because the world has lost a bright light. This page lists the stories people volunteered about Paul. Mainly from InfoSec Twitter but all sorts of lovely people who knew Mr Mason managed to find me. They are included and very welcome. If you are reading this… Continue reading In memory of Paul Mason
One of the simplest ways to improve security is to ensure that default usernames and passwords are altered. Do this routinely before deploying anything and you can save yourself a lot of headaches.Here is my old timey wisdom on the topic: https://www.youtube.com/watch?v=2FVWoMbn4Fk Always change the default password. Thanks
This is a post to myself really. One where I want to whinge once to get it out of my head and then stick the marker down for how we just skip over 2019 in my history so that it didn't really happen. Not doing this for sympathy I am just looking to get it… Continue reading Hindsight is 2020 – When 2019 didn’t happen
Sometimes you will need to test from a Windows environment. To cite merely two examples: if you have busted out of a Citrix locked down environment and are now installing tools; or if the customer wants you to simulate a rogue internal user with one of their Workstations (I love doing this personally!). These come… Continue reading Network Adapter names in Windows for Hackers
I have been working on an Extender for Burp Suite (a local proxy which allows you to check for common problems and security weaknesses). While the proxy is written in Java it is common for the Extender's to be made in Python. Jython is the glue that keeps Java and Python working. My Extender… Continue reading Jython and it’s java.nio.charset.UnsupportedCharsetException