Cohort 1 Wrap-Up: Thank You and What's Next
We wrapped up Cohort 1 of the WiFi Attacks Specialist course last week and I wanted to take a moment to say thank you to everyone who joined. Twelve …
Blog
EAP-TLS Security: How Attackers Exploit Enterprise Wi-Fi Vulnerabilities
TL;DR – EAP-TLS Wi-Fi Authentication in a Nutshell EAP-TLS provides strong mutual authentication using client/server digital certificates. The process includes …
Building a Compact XOR Encoder for Shellcode: A Step-by-Step Assembly Guide
If you’ve been through the Worldmail exploit write-up or spent any time developing shellcode, you’ve run into bad characters. NULL bytes that kill …
Corelan Advanced Exploit Development Review: Is It Worth It?
People had warned me. “It’s 9am to 9pm,” they said. “You won’t sleep much.” They weren’t wrong. Three days of Corelan …
Penetration Testing in Social Housing: My Interview With Housing Technology Magazine
Housing providers hold a significant amount of sensitive personal data — tenant records, financial information, maintenance histories — and increasingly rely on …
ConScan v1.2: Username Disclosure and Brute-Force Added to Concrete5 Scanner
ConScan has been updated. If you’ve been using the Concrete5 black-box scanner since its initial release last October, version 1.2 adds two features that …
Teaching Exploit Development at BSides London 2014: What I Learned From My First Workshop
BSides London 2014 was a milestone for me. Not because of the conference itself — though it was great — but because it was the first time I’d stood in …
Bypassing ASLR: Techniques for Exploit Developers Who've Hit the Wall
So you’ve worked through the stack overflow. You’ve got EIP control. You’ve confirmed your shellcode executes cleanly in the lab. Then you …