Under Utilized Tools/Resources #1

Many resources, especially web apps/sites used for OSINT come and go as I've mentioned before. However there is one resource I discovered a few years ago and still exists. It is a unique resource but still useful. It's useful for OSINT or just to monitor trends in blackhat circles, but rarely will you find something … Continue reading Under Utilized Tools/Resources #1

Best Android Apps for Pentesting and Hacking

There are many apps that run on Android so I'll probably make a few of these posts. That said, the first and best resource isn't actually one app but an overlay to the Android OS. This is Kali NetHunter. I suggest buying a play edition phone (bootloader unlocked and open to be rooted) then you … Continue reading Best Android Apps for Pentesting and Hacking

PoC for CVE-2017-16744 and CVE-2017-16748

Wow, so it's been two years or so since I found these two vulnerabilities in an Industrial Control System (ICS) while doing an external penetration test.  Before we continue, if you're unsure what an ICS is, here is a link with a definition.  With that out of the way, here we go! I fixed up … Continue reading PoC for CVE-2017-16744 and CVE-2017-16748

Burp Suite Extensions

Burp Suite is definitely the most used tool for me on a daily basis since I started my new job. Which is funny in a way because in my old job, I found myself relying too heavily on it and trusting it way too much. That said, it is also my favorite tool.  Don't get … Continue reading Burp Suite Extensions