The ACE Problem Solving Method (I use this)
The reason I’m in security today is because of the US Air Force’s Advanced Course in Engineering Cyber Security internship program. I turned down an internship at
Browser Pivoting (Get past two-factor auth)
Several months ago, I was asked if I had a way to get past two-factor authentication on web applications. Criminals do it, but penetration testers
How to Inject Shellcode from Java
Cobalt Strike’s Java Applet attacks inject shellcode into memory. Injecting into memory is valuable as it helps get past application whitelisting and can help evade
Why is notepad.exe connecting to the internet?
To the observant network defender, notepad.exe connecting to the internet is a key indicator of compromise. In this blog post, I’d like to explain why
Situational Awareness for Meterpreter Users
Hacking involves managing a lot of contextual factors at one time. Most times, the default situation works and a tool will perform beautifully for you.
The Origin of Armitage’s Hail Mary Mass Exploitation Feature
Several times now, an author has introduced Armitage, and the main value add to the hacking process that they emphasize is the “devastating” Hail Mary attack.
Staged Payloads – What Pen Testers Should Know
The Metasploit Framework decouples exploits from the stuff that gets executed after successful exploitation (the payload). Payloads in the Metasploit Framework are also divided into
Metasploit 4.6 – Now with less Open Source GUI
Last week, I received an email from Tod B. at Rapid7 stating that the next binary installer of Metasploit would ship without Armitage and msfgui.
Pivoting through SSH
This is a pretty quick tip, but still useful. When you SSH to a host, you may use the -D flag to setup “dynamic” application-level
Missing in Action: Armitage on Kali Linux
As you may know, the highly anticipated Kali Linux is now available. If you’ve fired it up, you may notice it’s missing a familiar tool.