Archive for January 31, 2013

 

Laudanum by Example: Shell

January 31, 2013

Previously, I wrote a post providing a brief introduction to Laudanum.  If you haven’t read it, or don’t know what Laudanum is, I encourage you to read that post first […]

 

Introduction to Laudanum

January 30, 2013

As a security consultant, there are so many scenarios that I run into every day that there is no one tool or script that solves every problem.  The best consultants […]

 

Hi, I’m with IT and I’m Here to Steal From You

January 15, 2013

Beware of the Unknown IT Grunt I decided to continue on with the same theme as Kevin’s post about the delivery guy.  Secure Ideas was recently asked to do a […]

 

WinPhone 7: Fiddler Setup

January 10, 2013

One of the many tasks on any penetration tester’s to-do list is to set up a web proxy for debugging applications.  Doing this for the normal browser to server architecture […]

 

Finding the Leaks

January 9, 2013

One of the common vulnerabilities we find when performing internal network penetration testing is sensitive data on open SMB file shares.  Now, by “open” I am including both unauthenticated as […]

 

Spear Phishing: “You guys are Shady!”

January 2, 2013

This post is part of our Professionally Evil series of posts that discuss some of the experiences we have had as Security Consultants.  In Kevin’s previous post he talked about […]