Covid-19 notes for CISOs

Are your “coronavirus infosec strategy” Google searches not really returning useful results for you? Worried that any day now you’ll be put on the spot to explain how the infosec team will assure the BCP decisioning that is happening across your organisation as it prepares to respond across multiple complex scenarios around extended remote access…

King-phisher setup

Latest tested version: 1.11.0 Server platform: Scaleway VC1S VPS Debian 9.1 64-bit (£5/m) Client platform: Official Kali Linux 2018.1 64-bit VM Prereqs: Registration DNS control of domain of choice, non-root user with sudo access and SSH certificate authentication configured on VPS server and all packages updated. Please ensure you have the prerequisites configured otherwise you’ll…

WDTV Live SMP Remote Password Reset Exploit (for starters…)

WDTV Live Streaming Media Player release 2.03.20 (and likely earlier) contains a weakness that allows an unauthenticated attacker to change the web management password to a value of their choice. Nothing earth-shattering here, just a failure to validate that a POST request contains the correct validated headers that an authenticated user should have before processing the…

Offensive Security CTP/OSCE Tips

Not a Review… Firstly, this is not a full review of Offensive Security’s Cracking The Perimeter course and the Offensive Security Certified Expert exam/challenge. If that’s what you’re looking for, go nuts with the following list of reviews: OSCE Review OSCE and me My OSCE Review Offensive Security’s CTP and OSCE – My Experience CTP/OSCE:…