Happy to release my first offensive security tool on GitHub 😀 !
DNSlivery - Easy files and payloads delivery over DNS
https://t.co/czRpcQvW2D
Special thanks to @joff_thyer, @securityweekly and @MDSecLabs for the inspiration.
@DDhopn @plutus Also unlocked my very first staked reward level a bit too early then: April 14th 😢. Mainly due to what was said during the AMA that happened the day before 🤷‍♂️. Any chance of going back a bit earlier?
Meet Secretive!
I like the approach because it removes the key from my storage and moves it into something more difficult to hack, the Secure Enclave.
I have no affiliation with the tool, but I use it daily and wanted to share it with you.
https://t.co/AKvXS5h4tw
2/2
Want to know how to exploit the recently patched #Microsoft #Exchange CVE-2020-0688? @hexkitchen provides the details on how to take advantage of the fixed cryptographic keys used during installation. https://t.co/N7fds4do5s
So sad the #APSE training is already over 😢 ... I really appreciated the practical approach and I never had so much fun during a training. Looking forward to trying the cert now 😁 ! @humanhacker @SocEngineerInc
@s0lst1c3 @singe @programehr @sensepost Nothing new indeed. This is not a research article by any means but rather a knowledge base of existing attack techniques.
So your company uses WPA-Enterprise and you feel secure? What if I told you that most devices do not validate the authentication server certificate...
Learn how to steal WPA-Enterprise credentials with this new PwnageBase article:
https://t.co/ImZs5Mhjhu
@s0lst1c3 @sensepost @singe
@singe @s0lst1c3 @sensepost @_cablethief @defcon Yep, I tested this morning and can confirm this works as expected. I plan to write a dedicated article on MitM rogue APs further on, which will mention this behavior :)
@singe @s0lst1c3 @sensepost What about his great hostapd patch regarding the support of legacy SSLv2/SSLv3 clients? (https://t.co/FTcGUK4tcg). Are you interested in adding the same support to hostapd-mana? I happen to have a working patch for hostapd-mana on my local machine 😀
Updated berate_ap https://t.co/gcXHlqF5mN with Mana logging flags and thanks to @no0be's pull request a bit neater by splitting Mana and WPE flags into separate options.
@jaesonschultz It does not use base64 in the DNS name but only within the TXT record content. I don't believe there is any issue with those chars in that case. Is it this?
Just released an update that handles lost DNS responses during payload delivery, still without the need for a dedicated client on the target 😀 ! This adds an additional (transparent) stage to the delivery process. All details available on GitHub #infosec #pentest #redteam
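The two tweets above describe the idea behind DNS-based delivery: the payload is base64-encoded inside TXT record content (not in the query name), and a later stage re-fetches whatever chunks were lost. The following is an added, stand-alone Python illustration of that pattern and is not DNSlivery's code; the chunk layout (`index/total:` prefix), the trailing SHA-256 record, the retry loop and the simulated lossy resolver are all assumptions made for the example.

```python
"""Chunked file delivery over DNS TXT records with loss recovery.

Constructed illustration of the technique, not DNSlivery's wire format:
the record layout, checksum record and retry stage are assumptions.
"""
import base64
import hashlib
import random

TXT_MAX = 255      # one <character-string> in TXT RDATA is at most 255 bytes
CHUNK_B64 = 200    # base64 characters per record, leaving room for the prefix


def build_txt_records(data: bytes, chunk_size: int = CHUNK_B64) -> list[str]:
    """Server side: base64 the file (only inside TXT content, never in the
    name), cut it into numbered strings that fit one TXT record each, and
    append a SHA-256 record so the receiver can verify the reassembled file."""
    b64 = base64.b64encode(data).decode()
    parts = [b64[i:i + chunk_size] for i in range(0, len(b64), chunk_size)] or [""]
    total = len(parts)
    records = [f"{i}/{total}:{p}" for i, p in enumerate(parts)]
    records.append(f"sha256:{hashlib.sha256(data).hexdigest()}")
    assert all(len(r.encode()) <= TXT_MAX for r in records), "record too long"
    return records


def lossy_resolver(records: list[str], loss_rate: float, rng: random.Random):
    """Simulated resolver: each lookup of record `idx` is independently lost
    (returns None, like a timeout) with probability loss_rate."""
    def lookup(idx: int):
        return None if rng.random() < loss_rate else records[idx]
    return lookup


def receive(lookup, max_rounds: int = 20) -> bytes:
    """Target side: fetch record 0 to learn the total, then keep re-requesting
    only the records still missing (the 'additional transparent stage') until
    everything arrived or the round budget is exhausted. Verifies the digest."""
    got: dict[int, str] = {}
    pending = {0}          # bootstrap: record 0 carries "0/total:" in its prefix
    total = None
    for _ in range(max_rounds):
        for idx in sorted(pending):
            r = lookup(idx)
            if r is not None:
                got[idx] = r
        if total is None and 0 in got:
            total = int(got[0].split(":", 1)[0].split("/")[1])
            pending = set(range(total + 1))   # +1 for the checksum record
        pending -= got.keys()
        if total is not None and not pending:
            break
    if total is None or pending:
        raise RuntimeError(f"delivery incomplete, missing {sorted(pending)}")

    b64 = "".join(got[i].split(":", 1)[1] for i in range(total))
    data = base64.b64decode(b64)
    expected = got[total].removeprefix("sha256:")
    if hashlib.sha256(data).hexdigest() != expected:
        raise ValueError("checksum mismatch after reassembly")
    return data


if __name__ == "__main__":
    payload = bytes(range(256)) * 5               # constructed 1280-byte sample
    recs = build_txt_records(payload)
    recovered = receive(lossy_resolver(recs, loss_rate=0.3, rng=random.Random(7)))
    print(len(recs), "records;", recovered == payload)
```

Nothing here needs a dedicated client beyond something that can issue TXT lookups; the only per-record state the receiver keeps is the set of indices it has not yet seen, which is what makes the retry stage transparent to the rest of the delivery.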