Using Metasm To Avoid Antivirus Detection (Ghost Writing ASM)
Preface It seems that more and more these days I find myself battling head to head against my client’s Antivirus Software. Payloads I encoded to successfully bypass one solution get picked up by...
Stealing the Keys to the Kingdom through SQL injection
Recently I was conducting a penetration test for a very large high profile client. The network itself had over 5500+ nodes and nearly 400 subnets. I started out using one of my new tactics by...
Email Address Harvesting
Introduction Harvesting email addresses is a common part of any external penetration test. Several tools exist that can be easily found with a simple google search that can greatly decrease the amount...
Recover Spark IM Stored Passwords with Metasploit
Metasploit Module [1] I recently added a post exploit module to the metasploit framework. The module will extract and decrypt passwords that are stored by the Spark Instant Messenger client. The...
WordPress Pingback Portscanner – Metasploit Module
Github Module [1] The latest version of WordPress, version 3.5 was recently released on December 11, 2012. This latest version of WordPress comes pre-packaged with the XML-RPC interface enabled by...
How do I phish? – Advanced Email Phishing Tactics
I’m often times asked how I perform email phishing attacks. Email phishing attacks are very compelling, and unique to each situation. The process of creating a successful email phishing campaign is...
Pwn all the Sauce with Caller ID Spoofing
If we’re going to perform some pre-text phone calls we have a couple different options when it comes to the caller ID. We really only have 3 possible options which are: we do nothing to the phone...