Category: security

May 18, 2017 / security

Stealing Windows credentials is the ultimate goal of every penetration tester. Being able to leak them outside the local network just aggravates the problem. There are many ways one can achieve this, some requiring complex attacks or user interaction. There is however an old and undocumented Windows feature that transforms the business of stealing Windows credentials a walk in the park. Let me introduce Windows Explorer Shell Command Files.

February 15, 2017 / security

The aim of this article is to showcase a PHP backdoor that is small enough to pass unnoticed while still allowing the execution of complex operations. Maintaining access to a compromised system is one important step during penetration testing. In most cases this is achieved using backdoors. These can either live as standalone pieces of software or as part of legitimate code. And always, no matter how the backdoor is designed, being hard to discover is an important aspect.

January 23, 2017 / security
January 10, 2017 / security

If you are reading this tutorial over a wireless connection, or at least you have a wireless network in your house, take a breath and ask yourself, how safe do you feel? Did you use a strong password when you set up your wireless network? Does the password you use…