little post on using ncrack to brute/check domain creds user@ubuntu:~/pentest/msf3$ ncrack 192.168.1.52:3389,CL=2 --user=username@domain --p...

I remember many years ago writing my first buffer overflow, a standard stack bug privilege escalation in I think RedHat 7x which I thought w...

I've been busy... :-( But i do have some upcoming conference speaking engagements coming up. So. If you are heading to BruCon catch me a...

Looks like the Morto worm is floating around. I frequently run into just seeing 3389 open on pentests and if the local admin account is ...

Dave Ferguson has beaten up on forgotten/reset password functionality for some time and recently participated in an OWASP podcast where he d...

Hi dudes, we have got a studies over facebook forensics, please feel free to reference and enjoy it from here. Special thanks to Captain...

You may find yourself needing to do process injection outside of metasploit/meterpreter. A good examples is when you have a java meterpreter...

Ken "cktricky" Johnson has agreed to join the carnal0wnage/attackresearch blog and I cant be more excited. Ken brings tons of weba...

SynJunkie has a couple good posts on citrix escapes: http://synjunkie.blogspot.com/search/label/Citrix and of course iKat http://ikat.ha.cke...

Joe McCray with Strategic Security is running a two week exploit dev course. Course Description & Instructor Information: http://strateg...