Greetings and salutations! I’ve been busy not with breaking things, but instead making things! Its a totally different balls park to make something useful than it is to try and find flaws in it. This little stub application is part of a larger application I’ve been slowly building up over the last few months. I […]
Howdy fellow crackers and hackers alike! Have I got a treat for you? A live botnet. The other day at work, I encountered a number of machines all attacking other hosts. Normally its just one machine, but this there were several. We isolated the exe responsible because it was eating up 100% CPU (not exactly […]
Hello everybody! Its been a wonderful new year. Full of new experiences and all that other stuff. Lately I’ve been running into a lot of .net stuff. Managed assemblies (compiled MSIL dlls) interacting with normal binaries as well as .net binaries. The beauty of it is most of the time, I can decompile them and […]
I threw this together tonight because I was sick of trying to think of them(passwords) off the top of my head. As a sys admin I have to use this all the time on compromised accounts. Here’s what it looks like. You can download the full program here.
Hello everyone and happy new year. PCI compliance requires CC’s be encrypted, yet every other online store I’ve encountered STORES the ENCRYPTION KEY on the box, usually somewhere in the store’s code. What’s the point? Who does this deter? Even if the CC’s are encrypted, what’s to stop someone from just grabbing the CC’s and […]
They don’t make sites like they used to anymore. Seems more people are security conscious. I say this because when i look to the past, I found hacking sites and servers a little easier. Example: What happened? I don’t think things are any easier / harder. I think error messages are just turned off by […]
A few weeks ago I was speaking with a buddy of mine who’s studying law. He wants to be a cyber lawyer dealing with cyber crime. He claimed file date-time stamps were admissible evidence in court. Any win32 coder worth their weight in sand knows date time stamps can be faked, but he wasn’t convinced. […]
I wanted a backdoor in coldfusion that didn’t make use of cfexecute because its usually either watched like a hawk, or disabled outright. You can download it here.
Howdy all! Who here remembers Brutus? That C++ app that allows for rapid brute forcing of FTP / HTTP Basic Auth stuff? That app that gets picked up by EVERY AV under the sun? Well I remember it quite well. It helped me get into a number of boxes back in the day. To show […]
As per my talk at toorcon, I said I would post the code here. You can download the talk here (PDF form here) I have uploaded the videos here: Snaring Window Messages and here: App In Action