A developer at work asked a general question to the group: “I’m thinking about using either LastPass or 1Password, anything I should know?” As the team’s newest “Security Guy”, I answered with this brief response:
Since my last post, I’ve left my position with the consultancy. I’m now working for a medium-sized corporation in a senior application security role. One of my many tasks is to contribute to the development of an Application Security program.
This morning, while I was trying to proxy traffic to this site in Burpsuite, I ran across an SSL handshake error. Googling the issue returned this helpful article that got me started on the right path.
I had the need to proxy traffic from Burpsuite to another proxy during web app testing this week. There are a few ways to do this, but this method was the easiest since I already had Burpsuite’s TLS certificate installed.
On a recent engagement I supported the lead by developing a PowerShell payload for a RubberDucky. The gist is that it will run a handful of standard Windows commands and then e-mail the results to a specified address.