Blog - Pentest Geek

Playing With the New Burp Suite REST API

One of the coolest new features released in the recent beta version of Burp Suite is the introduction of a REST API. I blogged about the UI and some other feature enhancements earlier this week. Today I want to talk a little bit about a command-line Ruby script that I’ve written to interface with this REST API called Burpcommander.
Read More


Burp Suite 2.0 Beta Review

A lot of changes have been made with PortSwigger’s recent release of Burp Suite 2.0! You can see a complete list of all the new goodies by reading the release notes. In this article I’m going to cover just a few key highlights that I think are important. Keep in mind I just upgraded this morning and my experience, analysis and opinion is based on only a couple of hours playing around.
Read More


Attacking Palo Alto Networks PAN-OS ‘readSessionVarsFromFile()’

A really cool CVE for attacking palo alto networks PAN-OS was published near the end of last year CVE-2017-15944.  Just last weak Philip Pettersson created a Metasploit Module to take full advantage of this bug and achieve remote code execution!
Read More


GPG Errors While Updating Kali Linux

I often run into the same GPG errors while updating Kali Linux’s apt-get repositories. The fix is simple enough but I seem to always end up Googling for longer than necessary so I wanted to place the working steps in a single place where I could have them when I undoubtably run into this issue again in the future.
Read More


Installing Kali NetHunter on HTC Nexus 9

Everything you need to begin installing Kali NetHunter can be purchased on Amazon. The only real requirement is of course a supported Android device however this guide also makes use of the keyboard folio which should be considered a necessity if you plan to do any real work on the tablet as well as an OTG cable for plugging in an external WiFi card.
Read More


Recovering Passwords From Hibernated Windows Machines

Recovering Passwords From Hibernated Windows Machines

A friend of mine recently asked if I could help them by recovering passwords from an old Windows laptop. Nothing nefarious here just a common scenario we’ve all been in before. They hadn’t used the system in quite some time and couldn’t recall the password to log in.
Read More


How To Install Metasploit Framework Ubuntu 17.10

How-to-install-metasploit-framework-ubuntu-14-04

The Metasploit Framework is an integral component to every penetration testers tool-kit. This guide will teach you how to install Metasploit Framework in Ubuntu 17.10. You will also install and configure RVM and Postgres.
Read More


How to Install Nmap From Source

How To Install Nmap

Nmap is a network mapping tool used during the Information Gathering phase of a network penetration testing engagement. It is completely free and open source. Click on the following link for more information about the Nmap Project. In this step-by-step tutorial you will learn how to install Nmap from source on an Ubuntu Linux machine.
Read More


Another Lap Around Microsoft LAPS

I recently landed on a client’s network with an implementation of Microsoft LAPS on a few thousand hosts. This blog post will walk through how to identify the users sysadmins delegated to view LAPS passwords, and how to identify the users sysadmins have no idea can view LAPS passwords.
Read More


Share This

Recent Posts

Subscribe To Our Mailing List

Become a Web App Penetration Tester

Penetration Testing

Categories

Metasploit

Web Application Hacking


Copyright 2018

css.php

Are You Using the Top 5 Pentest Tools?

Enter your email address to download your copy of our FREE e-book and find out now!

Thank you, now go check your email!!