Synopsis: I’m releasing version 0.1 of a web screenshot tool I wrote to make recon of a target organizations web resources very fast and effective. Details: I chose to write a tool to perform this task after trying to find one that fit my needs but unfortunately the tools I found either didn’t fit exactly […]

I wrote this DLL years ago and spoke about it at Rochester BSides last year. I’ve been meaning to post this since then, but time tends to get away from me. Because Windows 2K and XP might not be around that much longer I’m going to keep this post short and sweet. You can download […]

Synopsis: No it’s not a typo, that’s the name of the book. If you’re a penetration tester or into social engineering you MUST read this book, however anyone and everyone will find this extremely entertaining and really enlightening. There was so much to this book, I can’t recommend it enough. Immediately the author really draws […]

Summary: A method and scripts to grab bulk data from Linkedin profiles and format it, using Burpsuite, curl, grep and cut. In this case to create a username list for identifying emails and domain accounts. Foundation: I was performing a relatively unique task for a social engineering engagement for a client. Normally I’ll just receive […]

I recently finished reading “Shoninki: The Secret Teachings of the Ninja” by Master Natori Masazumi – “The 17th-Century manual on the Art of Concealment”. This book is an absolute must for anyone into hacking, penetration testing or any other form of offensive security. It’s a very short and quick read, only 140 ‘small’ pages of […]

Quick update to add SSL support to Genesis, my (very) generic rootkit dropper which you can download at http://leetsys.com/programs/genesis/genesis-ssl.zip.  This allows us to download our rootkit over an encrypted tunnel.  Genesis still uses the curl library, however I chose not to compile it statically in this case.  If you wanted to compile this statically you’d have […]

Overview The fundamental issue with SSL is that of trust.  Despite all the effort that has gone into a robust and cryptographically secure design for SSL, its foundation is still easily abused.  In this paper I will explain an often-overlooked area of SSL exploitation.  That is the ability for any certificate to act as a […]

Follow

Get every new post delivered to your Inbox.