Filed Under #security

Just received the email this morning that I passed the Penetration Testing with Kali Linux exam and obtained my Offensive Security Certified Professional (OSCP) certification. Hooray!

On many trips and holidays I find public Wi-Fi hotspots, e.g. in hotels or bars, which use a “captive portal” where you have to authenticate before you are allowed to access the internet.

With the new Kali 2019.4 release, Kali comes with an ‘undercover’ mode which make the Kali desktop look like Windows 10.

As mentioned in my previous article about logging the terminal session, it would be very nice to have the date time echo-ed regularly, to be able to find your way in the log-file.

Many times I’ve used Netcat to setup (reverse) shell from a compromised machine. Digging into services lately, I thought why not use a service to make Netcat a persistent to be able to return to the machine.

As a penetration tester you really must log all steps you take to make a complete and detailed report for the client. Ofcourse you can’t help that once in a while you miss one step. From my training I got a valuable tip to use the script command for logging complete terminal sessions.

On my road to OSCP I just finished one awesome week of OSCP Training. The live Penetration Testing with Kali Linux (PWK) training by Offensive Security trainers.

Bloomberg release a very detailed report on how Amazon discovered a hardware backdoor the size of a single grain of rice in servers manufactured by Elemental Technologies.

The Netherlands was plagued by numerous DDOS attacks lately. The tax authorities, Bunq bank and many other banks and government agencies. The attacker was careless and left some traces and was even arrogant enough to seek contact with the sysadmin of Tweakers.net, one of the targeted sites.

Recently I was asked to give feedback on a new website. It uses Wordpress, but why? Why not? So I researched a bit and was able to give a well-founded answer. about the risk of having plug-ins installed.

Every modern Intel CPU has Intel’s Management Engine (ME) built in. You actually get another OS completely free with your CPU: MINIX.

To me Universal Plug and Play (UPnP) alway was a mysterious protocol. When some cool program required an open port, UPnP made it happen. When some fancy program did not work, someone would ask me: “Did you enable UPnP”? Right, I forgot… I had no clue what magic UPnP did for me.

At times I find myself in situations in which I can not rely on my favorite commandline text editor VIM. But of course editing files is a must. Writing my own non-interactive line editor actually did cross my mind, but hold on… What about my old time friend sed?!

Equifax is a consumer credit reporting agency and last week it got hacked. Now the information of 143 milion US citizens, about 45% of the population, has been compromised by hackers. The hackers got access to names, birth dates, addresses but also social sercurity numbers and in some cases drivers license numbers.

Many years ago, I studied the art of picking locks. Not to do anything illegal, but just to learn about locks and how they work. Most importantly, open locks in a non-destructive way the manufacturer certainly did not intend to open. I bought a lock picking set and a practice lock. Over the years I collected some other locks, formerly used in real life. I finally got a chance to show off my skills.

Recently in my OSCP course, I was struggeling a few hours to get a reversed shell connection. It was a FreeBSD box, not quite my expertise. Finally I came up with a simple solution using tail -f.