I ran across this awesome article discussing different ways you can disable and/or bypass the execution policy in PowerShell. Turns out they found 15 of them! This is critical when you are performing penetration tests and using techniques such as “living off the land”.
Well it turns out the folks wearing tin foil hats were right about this! Now if only Facebook would admit it’s tapping my cell phone mic to generate advertisements on my Wall… 😉
If you haven’t changed your IoT devices’ credentials from their defaults, you should! This botnet uses default credentials to take over the IoT device and corrupts the embedded Linux operating system by overwriting its storage, dropping the firewall, etc. To get it back up and running you will need to re-flash the firmware in most cases.
Someone posted this video on one of the Slack workspaces that I’m on. It was really informative on the techniques used and on where state-of-the-art quantum computers currently are. The good news is current quantum computers don’t have enough quantum memory to break large primes; however, I wonder if there’s such a thing as Moore’s Law for quantum computing, in which case the Internet will be in big trouble in just a few years.
I found this tutorial on using recon-ng, which is a tool used by pentesters for gathering open source intelligence (OSINT) about an individual or a company. It features a Metasploit-like interface and has the ability to crawl social networks, Google, WHOIS databases, etc. to collect information about a company, its employees, its domains, etc.
I found this walk-through on Twitter this afternoon which was put together by TrustedSec. This technique is great for running payloads on Windows systems remotely!
I found this site today that will tell you what services are open on either a network or a host.
I found this video on Twitter regarding how to create “super” word lists using DyMerge, which is installed by default on Kali Linux.
I found this video this morning on Twitter. The only tool that I’ve used for finding and using SQL Injection was sqlmap, but apparently Kali has another tool that serves the same purpose called SQLsus.