pentesting

Changing Direction

How my career is changing.

Public Bug Bounty Rules of Engagement

I share my experience and lessons learned from operating a public bug bounty.

A Lesson for Bug Bounty Researchers

I’m managing a bug bounty program that has shown tremendous benefit so far. Several findings have been extremely clever, and I’ve been fortunate enough to have good interactions with the vulnerability researchers.

RubberDucky Powershell Payload

On a recent engagement I supported the lead by developing a PowerShell payload for a RubberDucky. The gist is that it will run a handful of standard Windows commands and then e-mail the results to a specified address.

DerbyCon 4.0

Unfortunately, I didn’t arrive at the ballroom early enough to get seats, or even standing room, to see this talk in-person: Ed Skoudis: How To Give The Best Pen Test Of Your Life

NetBIOS Name Spoofing and SMB

NBNS still works!

How to create a Metasploit module

Learn how to create a metasploit module

DNS Recon

Introductory methods for DNS reconnaissance.

Subdomain Enumeration

Techniques for performing subdomain enumeration information gathering.

Configure Your Environment

Customize your working environment to your liking

Reverse shell methods

Methods for obtaining reverse shells