A few months ago I heard about the Warberry Pi project – a great little project that uses a Raspberry Pi to covertly gather intel on the network that it’s dropped onto. The thinking behind this project is that the Pi is small enough for a red teamer to surreptitiously hide in a target location,… Read More »
It’s early July, which means that it’s time for the drive up to Sheffield for SteelCon2018 – The North’s premier Hacker Con. SteelCon is a very friendly, community-minded 6 day conference for hackers and InfoSec people, held at Sheffield Hallam University, in Sheffield. (The main conference is Saturday, recovery on Sunday, and the preceding days… Read More »
Being accidentally given a list of all domains and sub-domains within an organisation increases vulnerability to attacks and exploits. A recent engagement uncovered something I”ve never encountered before – I was able to complete a full DNS zone transfer. Usually DNS is locked down so that it’s not possible to complete a zone transfer, but… Read More »
4 days learning from industry leaders: I recently attended a four day intense Hands on Hacking course in Manchester, hosted by Hacker House. If you’ve not heard of the company, chances are you’ve heard of the founders; Jennifer Acuri and Matthew Hickey, both of whom are respected InfoSec professionals who not only have many years… Read More »
Doing the right thing doesn’t always please everyone Recently I’ve been having a refresher around the area of Google Dorks – using sites and content indexed by Google to carry out Open Source Intelligence (OSINT). As is always the case, you’ll stumble across some interesting items that you can be sure the owner doesn’t want… Read More »