Truth be told, this isn’t really about bypassing AV. “Bypassing AV” would suggest a workflow of creation, execution, detection, analysis, modification, test, etc, which I certainly didn’t employ. The AV agents used by VirusTotal never detected the payload as malicious (nor did the AV product I use) so no bypass was actually required. Dart is…
Are your “coronavirus infosec strategy” Google searches not really returning useful results for you? Worried that any day now you’ll be put on the spot to explain how the infosec team will assure the BCP decisioning that is happening across your organisation as it prepares to respond across multiple complex scenarios around extended remote access…
Latest tested version: 1.11.0 Server platform: Scaleway VC1S VPS Debian 9.1 64-bit (£5/m) Client platform: Official Kali Linux 2018.1 64-bit VM Prereqs: Registration DNS control of domain of choice, non-root user with sudo access and SSH certificate authentication configured on VPS server and all packages updated. Please ensure you have the prerequisites configured otherwise you’ll…
WDTV Live Streaming Media Player release 2.03.20 (and likely earlier) contains a weakness that allows an unauthenticated attacker to change the web management password to a value of their choice. Nothing earth-shattering here, just a failure to validate that a POST request contains the correct validated headers that an authenticated user should have before processing the…
An excellent question! If you’re reading this, there’s a good chance you are considering joining us for what promises to be a pretty fly BSides Canberra Capture The Flag competition in just a few short weeks. The great news is that this CTF has been specially designed to include something for absolutely everyone, no matter…
With version 1.5.1, we’ve seen a few slight changes to the setup process. Unlike previous tutorials, I’m not going to yabber on as we walk through the setup. If you want background details, reasoning behind choices made or any verbose info on any part of this setup, check out the earlier tutorial or hit me…
Not a Review… Firstly, this is not a full review of Offensive Security’s Cracking The Perimeter course and the Offensive Security Certified Expert exam/challenge. If that’s what you’re looking for, go nuts with the following list of reviews: OSCE Review OSCE and me My OSCE Review Offensive Security’s CTP and OSCE – My Experience CTP/OSCE:…
I started this thing at work – we call it BugWeek – where a few times a year, the senior staff lock ourselves in my office and go to town on the corporate network. It’s a great way to find exposures that traditional vulnerability scanners don’t pick up, and it helps keep the blue team’s ‘red’ skills…
!!UPDATED INSTRUCTIONS FOR RELEASE 1.5.1 here !! Phishing is easy. Effective target phishing isn’t so easy. While there’s a good chance you can get someone somewhere to click a link, it’s harder to get them to enter credentials – sometimes you might be up against a savvy user who won’t take a bite of a…
The first ever BSides Australia conference has finished up, and it was an absolute blast. I had the opportunity to contribute to the BSides CTF component by coming up with the Trivia section and creating a boot2root style challenge (aptly named Mr Robot). The challenge had a few stages to complete (including a short dance on the…