For many reasons, I frequently get asked for advice from people who are just starting to pursue a career in Cyber Security. I wanted to write this blog post to give advice and give back to the community I love so much. I think I have a somewhat unique perspective. I’ve been an employee (for […]

New York State Department of Financial Services – 23 NYCRR 500 – ‘CyberSecurity Requirements for Financial Services Companies’ Overview: Yes, that title is a serious mouthful! In this post I want to give a quick overview of what this new law states and requires as it was just released today! Like most legal documents it can […]

Bypassing HSTS when Adobe crossdomain.xml is configured to be overly permissive. Synopsis: Domains protected by HSTS which use an Adobe CrossDomain Policy (poorly configured) are vulnerable to the very attacks which HSTS is meant to protect against. The issue presents itself when the CrossDomain Policy allows access from domains without HSTS protections. The most damning configurations […]

Synopsis: I’m releasing version 0.1 of a web screenshot tool I wrote to make recon of a target organization’s web resources very fast and effective. Details: I chose to write a tool to perform this task after trying to find one that fit my needs, but unfortunately the tools I found either didn’t fit exactly […]

I wrote this DLL years ago and spoke about it at Rochester BSides last year. I’ve been meaning to post this since then, but time tends to get away from me. Because Windows 2K and XP might not be around that much longer I’m going to keep this post short and sweet. You can download […]

Synopsis: No it’s not a typo, that’s the name of the book. If you’re a penetration tester or into social engineering you MUST read this book, however anyone and everyone will find this extremely entertaining and really enlightening. There was so much to this book, I can’t recommend it enough. Immediately the author really draws […]

Summary: A method and scripts to grab bulk data from Linkedin profiles and format it, using Burpsuite, curl, grep and cut, in this case to create a username list for identifying emails and domain accounts. Foundation: I was performing a relatively unique task for a social engineering engagement for a client. Normally I’ll just receive […]

I recently finished reading “Shoninki: The Secret Teachings of the Ninja” by Master Natori Masazumi – “The 17th-Century manual on the Art of Concealment”. This book is an absolute must for anyone into hacking, penetration testing or any other form of offensive security. It’s a very short and quick read, only 140 ‘small’ pages of […]

Quick update to add SSL support to Genesis, my (very) generic rootkit dropper, which you can download at http://leetsys.com/programs/genesis/genesis-ssl.zip. This allows us to download our rootkit over an encrypted tunnel. Genesis still uses the curl library, however I chose not to compile it statically in this case. If you wanted to compile this statically you’d have […]

Overview: The fundamental issue with SSL is that of trust. Despite all the effort that has gone into a robust and cryptographically secure design for SSL, its foundation is still easily abused. In this paper I will explain an often-overlooked area of SSL exploitation. That is the ability for any certificate to act as a […]