NMAP 5 Cheatsheet

Tuesday, February 23rd, 2010

Here's a nice little cheatsheet for NMAP 5 making it's rounds today on the internet:http://sbdtools.googlecode.com/files/Nmap5%20cheatsheet%20eng%20v1.pdfVery handy.

Taking Screenshots Of The Victim’s Computer With Metasploit

Saturday, January 30th, 2010

Here's a quick example of grabbing a screenshot of a compromised system using meterpreter's espia module.  Start with a basic exploit to gain a meterpreter session.  You'll need to make sure you migrate to a process that has access to Active Desktop or else you will get nothing but blank ...

Using Metasploit’s Incognito To Impersonate User Tokens

Saturday, January 30th, 2010

I just wanted to show a quick example of using Incognito to impersonate user tokens on a compromised system.  You can think of tokens as a web "cookie" which is just an object that holds your security information for the entire login process so that you don't have to re-authenticate ...

Bing Web Server Probe

Thursday, January 28th, 2010

This is a tool for security researchers. It allows you to search for either an IP address or a DNS name and display all associated domain names known to Bing.Download: http://bingprobe.codeplex.com/

How Many Virtual Machines Do You Have Running At Home?

Friday, January 22nd, 2010

I just noticed that I have 13 different virtual machines installed on my home VirtualBox installation.  It seems like a lot but there are many more that I would love to install and play with.  This is just a variety of flavors I've needed in the past for "testing" ...