Category: penetration testing

UnkL4b/GitMiner: Tool for advanced mining for content on Github
penetration testing, UNKL4B

filename:.npmrc _auth (npm registry authentication data)
filename:.dockercfg auth (docker registry authentication data)
extension:pem private (private keys)
extension:ppk private (puttygen private keys)
filename:id_rsa or filename:id_dsa private ...

Burning down the house with IoT
A Zero Day Latest News, Internet of Things

For years we’ve been trying to set fire to ‘smart’ things by hacking them. We got some charring on the iKettle, but nothing more. Then ...

Getting your head under the hood and out of the sand: Automotive security testing
A Zero Day Latest News, Automotive Security

We’ve been pen testing in automotive for several years now. Along the way we’ve had some fascinating experiences, working with some insightful and forward-thinking OEMs. ...

Slok API
A Zero Day Latest News, pentest

You may have read my previous post where I had a look at the SLOK padlock and found it had an interesting BLE interface which ...

The null choice. A social engineering example in the wild
A Zero Day Latest News, pentest

With social engineering there are lots of ways to get what you want, depending on the circumstance of course. The null choice is one that ...

Ninja Turtles in your network: LAN Turtle 3G. A how-to for red teaming
A Zero Day Latest News, pentest

Introduction: This post will detail how to configure and utilise a LAN turtle 3G from Hak 5 to gain a persistent, remotely accessible presence within ...

Don’t ‘Roley’ your own encryption, says Bob the Builder
A Zero Day Latest News, pentest

The Uplogix 3200 is a console server for out-of-band management. It claims ‘high security’ as it’s a closed appliance with a locked-down OS. We were ...

The not so ultra lock
A Zero Day Latest News, pentest

This post couldn’t have been written without @evstykas and @cybergibbons. I became aware of the Ultraloq from U-tec a few months ago. For a room ...

F5 Networks Endpoint Inspector – Browser-to-RCE?
A Zero Day Latest News, pentest

If a bug falls in the forest, and the vendor denies that it’s a bug, is it still a bug? TL;DR? The F5 Endpoint Inspector ...