Monthly Archives: October 2011

Proxy Detecting Callback Backdoor POC

Here’s the scenario: You send a target a backdoor through whatever means you want; phishing email, USB stick, whatever. If the network is like most environments today they are not restricting outbound requests on standard ports like 80 or 443 and thus our backdoor calls home on these ports and we have a connection inside […]

WOMAN v0.01 release

I’m releasing version 0.01 of WOMAN (Who’s On Ma Network). I find myself creating fake access points often for penetration tests and created this very simple tool to fill a need of mine. When clients associate to me I want a quick and dirty (and reliable) way to identify which systems are active and the […]

Capturing The Derbycon CTF

My good friend Justin and I recently won the Derbycon Capture The Flag competition. A few people mentioned that they’d be interested to see a write up from us. It seemed that more people were interested in our methodology than anything else so I will discuss our strategy and tactics and if anyone is interested […]