AD Zone Transfers as a user
The tried and true method for Zone Transfers is using either nslookup: nslookup, then ls -d domain.com.local. Or dig: dig -t AXFR domain.com.local @ns1.domain.com.local. In the Windows Enterprise world there are a...
Best non-technical book I read this year
So first of a few end of year posts... Best non-technical book I read this year was Rich Dad Poor Dad. I'd like to thank Joe McCray for recommending it to me. I wish I had read the book in my teens and/or...
Where has CG been?
I've been here....work has kept me super busy...pretty sure there is a post in 2012 that says about the same. :-/ I attempted to recruit some smart people to make some posts and they did so thanks to...
Creating an iOS7 Application Pentesting Environment
Now that you have your shiny new Evasion7 jailbreak running it's time to set up the environment for application testing! Getting in (cross-posted with permission from CG from my work blog). Since mobile...
Modern Day Gold Mining
Well maybe not Gold...but Litecoins, hobonickels, Dogecoins, and other kinds of *coins*. We've all heard about Bitcoins (BTC) and all wish we had bought a few hundred 2 years ago so we could retire...
Finding malicious DLLs with Volatility
Colin and I were working on a memory image the other day and needed to find DLLs loaded by svchost.exe. We turned to everyone's default memory analysis tool Volatility. Volatility doesn't really give...
Webmin Brute Forcing
So I ran across a bunch of webmin boxes on a pentest. I went to just go try http_login or some other spiffy Metasploit auxiliary module but nothing was working quite right. I ended up needing to write...
DNS Brute String
Just sticking this here so I can find it later. Thanks @mubix. cat hosts.txt | xargs -t -I subdomain dig +noall subdomain.THEDOMAIN.com +answer. Update: Rob pointed me to his post on...
Nagios and NRPE
Just a note for me for later as other blogs have been tending to disappear lately and so I don't get unduly excited when I see a nagios NRPE exploit/bug as there are a few obstacles to overcome. Very...
Mimikatz Against Virtual Machine Memory Part 1
Pentesting is a funny thing. Someone will drop some new way of doing something and then you get to reflect on all those missed opportunities on previous engagements. I remember when MC showed me all...
Mimikatz Against Virtual Machine Memory Part 2
Short update to talk about mostly performing the actions from Part 1 on Windows 8+ and Windows Server 2012. First issue was symbols in windbg. Most importantly, NO symbols for windbg. I found this...
Article 0
It's nice to see smart people in the industry like Dave Aitel (https://lists.immunityinc.com/pipermail/dailydave/2014-October/000769.html, http://seclists.org/dailydave/2013/q3/65) catching up to things...
Quick and Dirty Oracle Brute Forcing
Here is a quick bash script to wrap sqlplus for some brute forcing if for whatever reason nmap is failing to get the job done...and thus metasploit is failing to get the job done since the oracle_login...
DevOoops
Ken Johnson and I gave a talk on going after Devops tools at Lascon in October. Slides for the talk are below: LasCon 2014 DevOoops from Chris Gates. The talk was recorded; once the talk is posted...
DevOoops: Spoofing GitHub Users
The user information that gets loaded with a commit is locally controlled metadata. What this means is that you can submit a commit as any user you please. Examples: It even adds the GitHub icon...
Enigma0x3's Generate Macro Powershell Script
Quick post/notes on Enigma0x3's Generate Macro payload since it got hot on twitter and reddit last week. Code is here: https://github.com/enigma0x3/Generate-Macro The screenshot above walks through the...
Shmoocon Notes: Userland Persistence on Mac OS X
Notes from the conf for later. Userland Persistence on Mac OS X by Josh Pitts @midnite_runr. Video: https://archive.org/details/joshpitts_shmoocon2015 The backdoor...
DevOoops: Revision Control (GitList)
More info from the DevOoops talk. Remote Code Execution in GitList. Background blog post here: http://hatriot.github.io/blog/2014/06/29/gitlist-rce/ P.S. if you don't read that blog, you should...
Cisco ASA version grabber (CVE-2014-3398)
Was catching up on blogs and re-reading some things and re-came across this blog post and Ruxcon...