Updates and stuff

Wow, what a crazy month. I’ve been up to a lot of things. For starters, I applied to Nessus for a part time vuln research analyst position, beat the phone screen and beat the 3 app challenges they sent me, but didn’t get the job and they gave me no real answer, even when I emailed the head guy and asked for some semblance of an idea as to why I was rejected. The challenge front page asked nicely in the challenge not to publish findings, however I asked nicely for a reason why I wasnn’t picked. Two wrongs don’t make a right, but 3 rights make a left. Spoilers for whoever applies at nessus coming soon.

Aside from that I got accepted for ToorCon to do a talk on my Keepass snarfer app I was going on about last month.
Check it:

As for the snarfer itself, its done. I even made a nice front end for it:

As for showing off the code itself, Here it is.

Today at work it was rather slow. I decided to write my own HTTP Brute Forcer since Brutus shows up on every AV scanner from here to china. I named the program Brutus 2 – Electric Boogaloo. If you get that reference, you are awesome. Here it is side by side with the old one:

I love .net. It allows for cranking out apps an an alarming rate. As for source code / downloads, I’ve only worked on this app today so I need more time. As it stands, only basic http auth works and its NOT multithreaded (yet). Expect updates soon as well for that.

So what is that, 4 updates in the future? The keepass snarfer, the brute forcer, spoiling Nessus / Tenable’s hack tests, and what am I missing? Oh right, the 0day. I’ve been so busy I forgot to even submit. I do plan on showing it off, but I wanted to go into depth about how I found it, so I’m being rather lazy about it.

Thats it for now. Have some random pic like usual:

Leave a Reply