Hiding in plain sight

Steganography is about hiding content inside other content. At work, bad folk might use it to sneak things outside the company, or just to hide bad things on their machine. They probably won’t though, because it’s a lot of effort and there are other ways to steal data. or will they… This week I needed … [Read more…]


I’m tweaking the collection of data relating to activities inside our corporate Slack team. I was particularly interested in volume, for example, if someone asked us to capture the metadata associated with every reaction to a Slack message with the party parrot, how much storage (and processing power) would I need to budget on the … [Read more…]

OSCP practice: Vulnhub – Kioptrix Level 1

My OSCP exam is fast approaching. For extra practice I am going to start working through the relevant vulnhub machines. A list of vulnhub machines that are more like OSCP here. Starting right at the beginning with: Kioptrix Level 1 I used the free vmware workstation edition and created a new private network. I moved my … [Read more…]


Hashcat password cracking quick start: Download from here. Install on Windows machine. Search the example hashes to find the code matching the hash you located. hashcat64 -m {code} {path to the hash you found} {path to your password file} –force Example command: hashcat64 -m 1600 c:\Users\cd\Desktop\hashes.txt c:\Users\cd\Desktop\rockyou.txt –force

Every Pen-Test: Enumeration Reminders

WEB dirb http://site.com {wordlist-optional} /usr/share/dirb/wordlists /usr/share/dirb/wordlists/vulns eg: /usr/share/dirb/wordlists/vulns/coldfusion.txt nikto -h if wordpress: wpscan General connection enumeration: nc 80 (then) HEAD / HTTP/1.0 For SSL: openssl s_client -quiet -connect site.com:443 If WebDAV davtest -cleanup -url cadaver (webdav client) DNS Zone transfer: dig server.domain.com domain.com axfr FTP nmap -sV -Pn -vv -p 21 –script=ftp-anon,ftp-bounce,ftp-libopie,ftp-proftpd-backdoor,ftp-vsftpd-backdoor,ftp-vuln-cve2010-4221 … [Read more…]

The archive

A big list of things from the past: Video: Microsoft Tech-Ed: Windows Server 2012 Direct Access Articles: XPERF Windows boot tracing Identifying accounts with Kerberos Pre-Authentication disabled Direct Access: when you make it work, then its stops Tricking your Windows test machines to think they are connected to the internet “Real World” Direct Access Un-Host … [Read more…]