Category: Uncategorized
-
Secret.htb
This is a detailed walk-thru for secret.htb written by dR1PPy This challenge was just what was needed on the heels of a really good JWT UDemy course. https://www.udemy.com/share/102WlY3@pMKr6-Y3Nh5KakPVtUwPrrrXDrt3B2UNF_Kjkc7NyIGxtWtk-AcFiJ7KvOuGqr8c/ Based on the items covered in that class this machine was very easy and straight forward.Below is the walk-thru for getting access and escalating thru the HTB…
-
Duplex Proxy Setup Below you will find instructions on how to setup a duplex proxy setup. Once you complete the walk-thru you will find it is very easy to add multiple proxies to your chain using the same technique shown here. Here is a quick overview of the setup, we will be chaining both proxy…
-
SwagShop.HTB
Walkthru for SwagShop This is a detailed walk-thru for SwapShop written by dR1PPy Challenges like the one posed by SwagShop are some of my favorite. The ones that require a good combination of skills with toolsets along with skills with chaining exploits. Overall a fun box to beat up on much thanks to ch4p for…
-
Death by Heartbleed
With all the news of the Heartbleed SSL flaw in the media this week IT staff have been working to lock things down on servers & services. Here are 3 Simple ways to Identify if a domain is vulnerable to a Heartbleed Method 1 From any host running Chrome Web Browser search for and install the…
-
Trolling the Red Team (Part 1)
Hey looks its a Red Team! Here they come with a few hours of work & a report that will hopefully provide more valuable information than “Here is what Nessus Found”. A simple way to test any Red Team’s worth is with a good trolling and disinformation effort once the engagement is underway. Good testers…
-
Making BitCoin with Bots
In this article we will cover how to quickly setup a trading bot for crypto-currencies. As the difficulty for BTC continues to rise the profit in mining coins continues to drop. A good method to make up those losses is with a trading bot which will work to increase your profit margin by making the…
-
Blind Zerg Rush for Security
While reviewing some old publications I came across this great article that was written just weeks after the 9/11 tragedy in NY. Based on recent events disclosed around the PRISM program and US Government actions against privacy in general the article seems to be very scary with it’s foreshadowing. Here is an excerpt taken from…
-
From $40k to Free – The Carberp source leak
Very interesting source code leak today for the Carberp malware family. This black market malware once being offered for $40k will surely be of interest to anyone who conducts malware & botnet analysis. The leak included a few other tools that helped make it so successful like the bootloader, MC obfuscate, along with various functions…
-
The Smackin9 of Hakin9
The folks here at SecurityPimp.net have been doing this Information Security thing for some time. Back in the early days knowledge, tools, and training usually took place on a hidden BBS, and later private IRC’s. But as technology and the internet have evolved so has the training methods and sharing in our hacking community. It’s…
[security.pimp] 