hotstar
OpenVPN on OPNSense -> NordVPN - Selective traffic routing
This post details how to configure a NordVPN OpenVPN client on OPNSense and selectively route client traffic over the tunnel.
Stealthy social network (Twitter / Facebook) based pentest drop box
The best place to exchange a secret is amongst a crowd - unknown. With the amount of traffic generated by social networks, what if you could camouflage the pentest drop box traffic? Pentest drop box - a portable device that is plugged (or connected wirelessly) to the target network during
Abusing social network APIs for Fun & Profit - Facebook API
Question - In a controlled corporate environment with DLP solutions monitoring the HTTP and Email traffic, how would you perform data exfiltration during a Red Team Pentest ? ‘One’ of the answers would be to use social networking sites, let’s look at Facebook in this post. Data exfiltration using Facebook
Snagging Active Directory credentials over WiFi - Part 1
💡This issue has been fixed on Windows 8+ as part of MS16-112 issued in September 2016. I haven’t checked this on a Windows 7 machine which isn’t listed on the Microsoft page. Basics The basic theory behind the attack is same as @mubix’s discovery - if you
Cracking NTLMv2 responses captured using responder
In the previous post, a Raspberry Pi Zero was modified to capture hashes (or rather NTLMv2 responses from the client). Let’s see how hashcat can be used to crack these responses to obtain the user password. I will be using dictionary based cracking for this exercise on a Windows
Raspberry Pi Zero for credential snagging
💡Update: CVE-2016-3302 / MS16-112 patch was released by Microsoft to fix the issue. Introduction This post is an extension to Rob Fuller’s (@mubix) work - https://room362.com/post/2016/snagging-creds-from-locked-machines/ to see how a Raspberry Pi Zero can be used for credential snagging. All credits go to @mubix for