Clik here to view.
Using Metasm To Avoid Antivirus Detection (Ghost Writing ASM)
Preface It seems that more and more these days I find myself battling head to head against my client’s Antivirus Software. Payloads I encoded to successfully bypass one solution get picked up by...
View ArticleClik here to view.
Stealing the Keys to the Kingdom through SQL injection
Recently I was conducting a penetration test for a very large high profile client. The network itself had over 5500+ nodes and nearly 400 subnets. I started out using one of my new tactics by...
View ArticleEmail Address Harvesting
Introduction Harvesting email addresses is a common part of any external penetration test. Several tools exist that can be easily found with a simple google search that can greatly decrease the amount...
View ArticleClik here to view.
Recover Spark IM Stored Passwords with Metasploit
Metasploit Module [1] I recently added a post exploit module to the metasploit framework. The module will extract and decrypt passwords that are stored by the Spark Instant Messenger client. The...
View ArticleClik here to view.
WordPress Pingback Portscanner – Metasploit Module
Github Module [1] The latest version of WordPress, version 3.5 was recently released on December 11, 2012. This latest version of WordPress comes pre-packaged with the XML-RPC interface enabled by...
View ArticleClik here to view.
How do I phish? – Advanced Email Phishing Tactics
I’m often times asked how I perform email phishing attacks. Email phishing attacks are very compelling, and unique to each situation. The process of creating a successful email phishing campaign is...
View ArticleClik here to view.
Pwn all the Sauce with Caller ID Spoofing
If we’re going to perform some pre-text phone calls we have a couple different options when it comes to the caller ID. We really only have 3 possible options which are: we do nothing to the phone...
View Article
