One Coin to Rule them All! Colors Solution: Colors Challenge Looking at the source for this challenge, we can see a few elements that are not displayed within the website itself. We can see various strings of Base64, and colors displayed inline. Considering the name of the challenge, we will be focusing on the colors …
Facebook’s Gut Punch Looking at the internal impact of a total network failure In case you hadn’t heard, Facebook went down. And of course, when someone says, “Facebook went down,” it covers much more than facebook.com. Instagram, Oculus, and WhatsApp, all part of the global Facebook system, tend to suffer the same fate as their …
Whether this is your first time looking for a penetration test, or you’re just interested in a refresher on what you need to do on your end, here at Open Security, we have you covered. We want to do our best before, during, and after an engagement to make sure that you are getting the …
Figuring out what actually constitutes a penetration test can be a surprisingly tough question to resolve. Between scanning vendors exaggerated claims and a misunderstanding of what real-world penetration testing can produce, it can take a CISSP to untangle the details. However, by the end of this post, you’ll know what real-world penetration testing ought to …
Any company that wants to maintain a competitive edge in today’s global economy needs to work faster, cheaper, longer, and more precisely than ever before. In the wake of a pandemic that ran employees out of the office for over a year, the workforce has evolved dramatically. From one which previously relied primarily on remote …
Data vs Damage: Comparing Threats and Risks Between IT and OT Read More »
I woke up excited. It’s my birthday. The day I eat whatever I want, my wife and kids are nice to me, and things are generally groovy all day long. I open my email and there’s a gift from my friend Adam…a digital gift card to my favorite online purveyor of technology, Newegg! Adam, you …
A Lesson Learned From The World’s Most Famous Hacker Read More »
Scams and cyber-attacks based around COVID-19 misinformation are on the rise. The following is a regularly updated list of legitimate data from sources such as the WHO, CDC, and John Hopkins University. https://www.who.int/emergencies/diseases/novel-coronavirus-2019 https://www.cdc.gov/coronavirus/2019-ncov/index.html https://coronavirus.jhu.edu Staying safe while at home requires healthy skepticism. Below are resources to assist in the identification of fake and scam …
tl;dr To avoid dependency issues take advantage of built in Java functionality provided by the Sleep scripting language used to write Cobalt Strike Aggressor Scripts. This post examines making web requests without passing execution to an external binary and also discusses using threading to make long requests in the background. Why? Recently I was working to build …
Please Don’t Pass to ‘Exec’ – Making Web Requests in Sleep Read More »
Obligatory – ‘if you haven’t seen the background post on Cryptbreaker you can check it out here. Today I’m excited to announce that version 1.2 of Cryptbreaker is officially released! Release Notes As usual, lets start with the release notes. The primary focus of the 1.2 release was expose existing Cryptbreaker functionality via API. A …
Intro This blog is the first of several planned ‘feature’ deep-dives where we’ll discuss some of the features provided by Cryptbreaker in greater detail. This is intended to serve as the ‘official’ documentation of the filtering features of Cryptbreaker and will be kept up to date as such. Filters A main goal of Cryptbreaker was …
