Month: January 2013

Laudanum by Example: Shell

Previously, I wrote a post providing a brief introduction to Laudanum.  If you haven’t read it, or don’t know what Laudanum is, I encourage you to read that post first (don’t worry, it is fairly short).  In this post, I am going to take a look at how Laudanum can be used.  Specifically, I am …


Introduction to Laudanum

As a security consultant, there are so many scenarios that I run into every day that there is no one tool or script that solves every problem.  The best consultants have the know-how to understand which tool to use in which scenario.  Imagine if during a penetration test I used SQLMap to look for CSRF …


WinPhone 7: Fiddler Setup

One of the many tasks on any penetration tester’s to-do list is to set up a web proxy for debugging applications.  Doing this for the normal browser-to-server architecture is fairly straightforward.  Setting up the proxy for a web browser is pretty straightforward.  Unfortunately, when we start getting out of the browser …


Finding the Leaks

One of the common vulnerabilities we find when performing internal network penetration testing is sensitive data on open SMB file shares.  Now, by “open” I am including both unauthenticated file shares and file shares that allow any authenticated user.  It certainly makes sense for organizations to have file shares that are accessible to all employees …

