Penetration Testing Techniques: Conducting effective recon for enhanced phishing (Office 365 edition)

This article describes a typical penetration testing / hacking scenario : gathering as many email addresses of a target company in order to carry out more effective phishing campaigns. Note this is only one possible approach out of many... In this particular example, we're picking on Kaspersky Labs, for no particular reason, just as an … Continue reading Penetration Testing Techniques: Conducting effective recon for enhanced phishing (Office 365 edition)

Advertisements

Z-Wave : Lessons Learned – Python OpenZwave

This article explains a few missing pieces of the puzzle I had when setting up a home automation network using ZWave. Most of this information is available publicly but it took a while to find or to actually make the connection between what I wanted and what I needed to look for in the documentation.   … Continue reading Z-Wave : Lessons Learned – Python OpenZwave

RxJS: The bridge between plain JS and ReactJS

Scenario During front-end development, we sometimes have to deal with code which cannot be imported easily into your ReactJS app. This situation arises frequently when dealing with a legacy codebase, or when you have a large, heterogeneous codebase with different teams taking care of different "sections" of the front-end. This article explores one method that … Continue reading RxJS: The bridge between plain JS and ReactJS

Pentesting gRPC-Web : Recon and reverse-engineering

gRPC-Web has reached General Availability! The official blog announcement can be found here: https://grpc.io/blog/grpc-web-ga gRPC makes leveraging Protocol Buffers extremely easy, and ProtoBufs in and off itself has some very good advantages over REST when it comes to performance and contract-based development. However so far ProtoBufs are used typically in the backend to facilitate inter-microservice … Continue reading Pentesting gRPC-Web : Recon and reverse-engineering

Pentesting gRPC / Protobuf : Decoding First steps

Protocol Buffers (a.k.a ProtoBuf) and other binary serialization representations are gaining popularity, especially in inter-microservice communication. Unlike JSON or HTTP, ProtoBufs are not human readable (hence the "binary" part of binary serialization) , but that translates into an advantage of  less overhead, leading to performance gains, and the ability to code against a fixed schema … Continue reading Pentesting gRPC / Protobuf : Decoding First steps

Android hacking tools update for Sept 2018

This article outlines a few "lessons learned" during an Android pen-test, specifically on which parts of my toolset I needed to update to accommodate newer android versions (Android v7+) MultiDex support One of the standard pen-test techniques is to decompile the App's source code. Typically this is done by converting the APK DEX code to … Continue reading Android hacking tools update for Sept 2018

First steps in writing a custom OWASP ZAP extension

OWASP ZAP is a very popular attack proxy typically used in Web Application penetration tests. Think "Open Source BurpSuite", and that's ZAP in a nutshell. It has become my go-to tool for penetration tests, and it definitely is a fantastic piece of software that ticks all my boxes - except one. The problem : Note taking … Continue reading First steps in writing a custom OWASP ZAP extension