As a perfect follow-up to our Wireless CTF win, I present some hashcat WPA2 cracking.
DEF CON 25 and BSidesLV 2017 – Hacker Summer Camp
Another year in Vegas, and DEF CON 25 is in the books.
Filed under Security Not Included
Writing an Alexa Port Scanner for Couch Hacking
As I got one for Prime Day, I figured that I would write an Alexa Port Scanner.
Filed under Security Not Included
Brainpan 2 – Trolling, Headaches, and a fun Challenge!
Finally back to VulnHub, and next up is my Brainpan 2 walkthrough.
Filed under Security Not Included
MITM XSS Protection – Still Popping Alerts
I recently had to demonstrate the dangers of loading external resources over HTTP as well as security libraries running on the client side. In this case, I went with an attack to MITM XSS protection, and this was the result.
Filed under Security Not Included
XSS Password Stealing – Who needs cookies?!
Most people are already aware of using XSS to pop alerts or steal cookies. Today I’d like to show XSS password stealing.
Filed under Security Not Included
Easy Chat Server Exploit (<=3.1) - SEH Stack Based Overflow
The following is an older Easy Chat Server Exploit for versions <3.1 (CVE-2004-2466). That said, this is a great example of utilizing SEH for exploit writing and reliability.
Continue reading
Filed under Security Not Included
Homoglyph Phishing – Exploiting Basic Authentication Userinfo
After learning more about them from eWPTX, I’d like to cover a homoglyph phishing attack.
Filed under Security Not Included
XSS Without Dots – Or, How to Fail Onyxia
This week I’d like to show XSS without dots, as a method of filter avoidance.
Filed under Security Not Included
BSides Raleigh CTF (2016) Write-Ups
While a bit late, I finally found (some) files to do a BSides Raleigh CTF write-up.
Filed under Security Not Included