A really cool CVE for attacking palo alto networks PAN-OS was published near the end of last year CVE-2017-15944. Just last weak Philip Pettersson created a Metasploit Module to take full advantage of this bug and achieve remote code execution!
I often run into the same GPG errors while updating Kali Linux’s apt-get repositories. The fix is simple enough but I seem to always end up Googling for longer than necessary so I wanted to place the working steps in a single place where I could have them when I undoubtably run into this issue again in the future.
Everything you need to begin installing Kali NetHunter can be purchased on Amazon. The only real requirement is of course a supported Android device however this guide also makes use of the keyboard folio which should be considered a necessity if you plan to do any real work on the tablet as well as an OTG cable for plugging in an external WiFi card.
A friend of mine recently asked if I could help them by recovering passwords from an old Windows laptop. Nothing nefarious here just a common scenario we’ve all been in before. They hadn’t used the system in quite some time and couldn’t recall the password to log in.
Nmap is a network mapping tool used during the Information Gathering phase of a network penetration testing engagement. It is completely free and open source. Click on the following link for more information about the Nmap Project. In this step-by-step tutorial you will learn how to install Nmap from source on an Ubuntu Linux machine.
I recently landed on a client’s network with an implementation of Microsoft LAPS on a few thousand hosts. This blog post will walk through how to identify the users sysadmins delegated to view LAPS passwords, and how to identify the users sysadmins have no idea can view LAPS passwords.
In this step by step tutorial we will discuss some of the more advanced use cases for the Burp Suite. Credential harvesting through Man In The Middle attack vectors can be your saving grace during an otherwise uneventful penetration test. You can watch a video version of this tutorial Here. This guide is intended to be educational as well as entertaining. The author does not condone or encourage illegal hacking activities.
I’m sure many of you have heard of the new free service from letsencrypt.org which essentially offers a valid SSL Certificate for everyone. The goal of the project is to run the entire internet over HTTPS without any excuses.
- Attacking Palo Alto Networks PAN-OS ‘readSessionVarsFromFile()’
- GPG Errors While Updating Kali Linux
- Installing Kali NetHunter on HTC Nexus 9
- Recovering Passwords From Hibernated Windows Machines
- How To Install Metasploit Framework Ubuntu 17.10
Subscribe To Our Mailing List
Want To Be a Better Pentester
Subscribe to our mailing list and recieve FREE pentest tips, tricks, product reviews, news, article release notifications and more!
- Forensics and Incident Response
- Information Gathering
- Penetration Testing Tutorials
- Web Applications
Web Application Hacking