Mac OSX Password Cracking TL;DR: There are several ways to enumerate information from a Mac shell and to collect encrypted credentials for OSX password cracking. Problem and Rationale During a recent assessment the client had close to 10,000 Mac OSX systems throughout their global presence. All of these Macs were authenticating to Active Directory and […] The post Mac OSX Password Cracking appeared first on Hackers...

Decoding Weak CAPTCHA’s TLDR; Weak CAPTCHA services utilized on the internet can be programmatically solved with a fairly high success rate. Problem A lot of firms, including mine, have begun to recommended CAPTCHA’s be used on all web forms which feed into existing business processes (registration pages, contact pages, etc). This recommendation can be a […] The post Decoding Weak CAPTCHA’s appeared first on Hackers...

Giving a Blackwidow it’s “Teensy” Fangs: How to Install Hardware Backdoors within Modern Keyboards TLDR; It is very possible to place a Teensy within modern keyboards and mice as a hardware backdoors in order to implant a Trojan on a targets computer. Warning #1: Please understand that working with electrical equipment and components is inherently […] The post Giving a Blackwidow it’s “Teensy” Fangs appeared first on Hackers...

LPIC 1 and LFCS TLDR; The LPIC 1 and LFCS certifications can both be used to validate your skills, however the LFCS provides a robust and uniquely hands-one, testing approach. I recently passed the LPIC 1 (Linux Professional Institute Certified System Administrator) and LFCS (Linux Foundation Certified System Administrator) certification exams. I’m now planning to […] The post Linux Administration Certifications: LPIC 1 and LFCS appeared first on Hackers...

Browser Guidance TLDR; JavaScript can be utilized to detect the victims browser and operating system, in order provide a little browser guidance and increase payload success rates. Problem In some cases, Trojan payloads and/or ploys don’t play very nicely when opened with newer browsers, during social engineering campaigns. Most noteworthy is the classic HTA payload […] The post Just Providing a little Browser Guidance appeared first on Hackers...

TL;DR: mRemoteNG uses insecure methods for password storage and can provide droves of valid credentials during an assessment or competition. Level Set mRemoteNG (mremote) is an open source project (https://github.com/rmcardle/mRemoteNG) that provides a full-featured, multi-tab remote connections manager. It currently supports RDP, SSH, Telnet, VNC, ICA, HTTP/S,  rlogin, and raw socket connections. Additionally, It also […] The post mRemoteNG: Just Loaded with “Features”...