XSS Password Stealing – Who needs cookies?!

Most people are already aware of using XSS to pop alerts or steal cookies. Today I’d like to show XSS password stealing.

Continue reading

Leave a Comment

Filed under Security Not Included

Easy Chat Server Exploit (<=3.1) - SEH Stack Based Overflow

The following is an older Easy Chat Server Exploit for versions <3.1 (CVE-2004-2466). That said, this is a great example of utilizing SEH for exploit writing and reliability.
Continue reading

Leave a Comment

Filed under Security Not Included

Homoglyph Phishing – Exploiting Basic Authentication Userinfo

After learning more about them from eWPTX, I’d like to cover a homoglyph phishing attack.

Continue reading

Leave a Comment

Filed under Security Not Included

XSS Without Dots – Or, How to Fail Onyxia

This week I’d like to show XSS without dots, as a method of filter avoidance.

Continue reading

1 Comment

Filed under Security Not Included

BSides Raleigh CTF (2016) Write-Ups

While a bit late, I finally found (some) files to do a BSides Raleigh CTF write-up.

Continue reading

Leave a Comment

Filed under Security Not Included

Samsung GS5 Nethunter is Kali in my Hands!

I recently added a Samsung GS5 Nethunter to my arsenal, and it was quite easy to set it up.

Continue reading

Leave a Comment

Filed under Security Not Included

CTF Resources – Go. Hunt. Cap Flags.

For those of you looking for links after my talk, I’m glad to finally release my CTF resources.

Continue reading

1 Comment

Filed under Security Not Included

CarolinaCon 13 – When a 12 Step Program Isn’t Enough

For those of you who were unable to attend CarolinaCon 13 this past weekend (19-21 May), then you definitely missed out on a great con.

Continue reading

Leave a Comment

Filed under Security Not Included

LuaRadio SDR – Goodbye GNURadio?

Since I haven’t gotten my SDR working correctly, one of my colleges recommended LuaRadio SDR as opposed to GNURadio

Continue reading

Leave a Comment

Filed under Security Not Included

DNS Exfiltration with Dnsmasq; easy as 1, 2, 3!

I realized that I needed a server for DNS exfiltration, so I finally set one up.

Continue reading

Leave a Comment

Filed under Security Not Included