Posted in r/netsec by u/c0r0n3r • 2 points and 0 comments

Shodan is a tool for searching devices connected to the internet. Unlike search engines which help you find websites, Shodan helps you find information about desktops, servers, IoT devices, and more. This information includes metadata

The goal of a hardware root of trust is to verify that the software installed in every component of the hardware is the software that was intended. This way you can verify and know without a doubt whether a machine

Phrack staff website.

In this post, I’ll discuss an arbitrary file move vulnerability I found in Windows Service Tracing. From my testing, it affected all versions of Windows from...

Bypass the content security policy (CSP) via JSONP endpoints, CSP injection, wildcards *, and other misconfigurations.

It’s that time of year again, time to look back on breach data from the previous year, and reflect on trends. A little history is needed before jumping in. I started cataloging breach data about 3 years ago and have tried to capture 3 critical attributes…

Learn how to disable or DOS (Denial of Serice) attack your own wifi. Using Kali Linux you will be able to completely disable all connections to your wifi.

This is why the IMSI Catcher is so effective. It simply pretends to be a cell tower near your phone, then seamlessly connects to it, and starts to harvest information.

After the classic VM bootstrap the first thing that I had to do is to obtain the IP of the target machine. Then I needed to use nmap…

My friend recently got hit with Dever ransomware. This blog post will talk about the network architecture of the environment, live incident response, an interesting prefetch, timeline of the attack, info on Dever ransomware, summary and IOCs.

Intro

There is a critical vulnerability in ThemeGrill Demo Importer that leads to database wipe and auth bypass. In the versions 1.3.4 and above.

The results are in! After 51 nominations whittled down to 15 finalists by a community vote, an expert panel consisting of Nicolas Grégoire, Soroush Dalili, Filedescriptor, and myself have conferred, v

Introduction There are several kinds of delegation implemented by using the Kerberos protocol. Basically, delegation allows a service to impersonate the client user to interact with a second service, with the privileges and permissions of the client itself.…

A penetration test report is more often tailored to multiple reading groups and as a result needs to be broken down into multiple sections for easier digestion by the business.

My write-ups to CTF challenges. Contribute to joshdabosh/writeups development by creating an account on GitHub.