Tools of the trade

Active Directory Hacking Speedrun

Posted on 2022-09-23 by Alexei Doudkine in Tools of the Trade

On Saturday 24th of September, I gave a presentation at CSECcon titled, “Active Directory Hacking Speedrun! 14 attacks in 30 minutes.” This post is here to provide some post-talk resources to those wanting to learn about any of these attacks, how they work and recreate them.

Continue reading

5 methods for Bypassing XSS Detection in WAFs

Posted on 2022-08-09 by Karel Knibbe in Tools of the Trade

Ever since the 1990s, Cross-Site Scripting (XSS) vulnerabilities have plagued the world wide web. It’s been a difficult problem to solve because of the many ways that it can introduce itself in applications. This, and other application level attacks, contributed to the rise of Web Application Firewalls (WAFs). However, like any other solution that does not tackle the problem by its roots, it’s not ideal. Pentesters, red teamers, bug hunters and malicious actors alike have been playing cat and mouse with vendors to find ways around these additional defence mechanisms. In this post, we’ll be discussing a few fundamental techniques that you can use to bypass these firewalls.

Continue reading

Basic security for humans in 4 Fridays

Posted on 2022-03-09 by Alexei Doudkine in Tools of the Trade

This post is going to be a little different. Instead of talking about the industry or business security, I’m going to share my guide on how to set up your own basic personal security. It is intended to be followed by non-technical people in 4 Fridays. My goal is to get as many people on this basic programme as I can, so I do ask you to share it with your friends and family. And, if you are a bit more tech-savvy, please help them along the way. 🙂

Continue reading

How to Share Social Media Credentials Securely

Posted on 2022-03-01 by Jessica Williams in Tools of the trade

Social media has become the platform that companies all over the world use to communicate with their customers, clients, critics, and investors. An attacker who gains access to an organisation’s social media accounts is able to send any message that they wish, posing as the organisation. Sending the wrong message on social media can cause a backlash, bad publicity, and in rare cases even be illegal as Elon Musk found out in 2018 when he was sued by the SEC over one of his tweets.

Continue reading

Cracking Passwords with Michael McIntyre

Posted on 2020-10-14 by Billy Cody in Tools of the Trade

I was watching the comedian Michael McIntyre’s most recent Netflix special “Showman” when he began a segment on the evolution of the online password. He described an algorithm that would’ve cracked most of my pre-teen online passwords. I decided to dig further and see how effective this algorithm is against some real world data.

Is Michael McIntyre really a master hacker?

Is he watching me right now?

How do I protect myself from him?

No. No. Read on!

Continue reading

Board Mounting Devices for Fun & Hacker Feels

Posted on 2020-08-25 by Alexei Doudkine in Tools of the trade

Disclaimer: There is nothing about security in this post. Just a bit of fun!

A couple of weekends ago, I found myself in a rare position of having nothing to do. Sick of staring at a screen the entire week, I decided to do a small hardware project. I wanted to take all my networking gear that was in the TV unit, and mount it on a board.

Follow this DIY guide if you also want to look like a l33t h4xx0r by mounting your networking kit on a wall or a board. I did this for my networking gear I use at home, but it’ll work for anything and is a great way to keep your lab relatively tidy.

Continue reading

The money concious, yet secure company

Posted on 2020-01-07 by Alexei Doudkine in Tools of the trade

Let’s face it, security in an organisation can be expensive. You need corporate antivirus, firewalls, a SIEM, a Vulnerability Management solution and of course, that NextGen Threat Analytics and Attack Simulating Toaster (NGTAAST™). Congratulations, you’ve just racked up over a million dollars’ worth of gear. If you are a large corporation with large security budgets, that’s great! Chances are, these controls are legitimately useful for you and help with your day-to-day defence. However, if you are a smaller company, the reality is that you have very finite resources to stop the exact same adversaries that threaten large corporations.

The good thing for smaller companies is that it’s not just black and white. You don’t have to choose between having the best AV or none at all. There are many free and open source tools available that can help if not completely replace paid software. What I love about the infosec industry is that it is full of people who truly care. They write and release software not for money, but to make a difference in the world. Let’s take a look at some of my favourite free and/or open source tools.

Continue reading