Category: Blog

  • Mapping attack surface for Ransomware / Cryptolocker

    Mapping attack surface for Ransomware / Cryptolocker

    With all the ransomware hitting everyone, everywhere, I decided to share my scripts on how I map the attack surface of internal threats, and subsequently ransomware / cryptolocker. It is not fully automated yet, but hopefully sharing this will give people the right ideas, and perhaps some might even automate it. For now, this only…

  • Using Powershell to fetch file hashes with multiple algorithms

    Using Powershell to fetch file hashes with multiple algorithms

    You might need to check file hashes across multiple directories and across multiple algorithms, e.g. verifying all files hashsums against both MD5 and SHA1. This is an example of how to accomplish such task using Powershell.                   The command you run is: gci -Recurse | select FullName |…

  • Remotely lock a computer, and prevent them from logging back in

    Remotely lock a computer, and prevent them from logging back in

    Sometimes you have to throw someone off a terminal, but at the same time preserve the evidence on the terminal. For example if someone is using a terminal to hack something, and you need to secure the running terminals to capture the commands that has been run. It is quite simple to accomplish this, as…

  • SANS Holiday Hack Challenge 2016 write up

    Brilliant CTF by Counter Hack team as usual. Tons of good fun, awesome challenges and a great story to go with it. Whats not to like? Here’s a quick write-up on the answers I produced on the 2016 challenge. 1) What is the secret message in Santa’s tweets? I wrote a simple Javscript to extract…

  • Hassles and concerns upgrading from Windows 10 Home to Pro

    Windows 10 Pro supports some features that are nice to have, especially if you like to take advantage of more features of your OS than the Home edition allows for. Windows store changes my local account to an online account The Window shop application requires you to sign in with your MSDN account. Once you’ve…

  • Phish claiming your domain is about to be registered on Asian TLD’s

    If you get email from someone claiming that your domain is about to be registered on Chinese and other Asian top-level-domains, don’t worry. This is very likely to be a scare tactic to get you to buy their domain for a high price. Ignore it, and move on. Heres an example: Dear CEO, (If you…

  • Cipher and Password Bruteforcing with OpenSSL

    Ever had to crack something, but you don’t know the cipher? Sometimes the encrypted text gives you clues on which encryption algorithm has been used, but not always. For those cases, it might be useful with the script I am talking about in this post. Bruteforcing the cipher type might be the only way to…

  • Guest blog at pen-testing.sans.org – Azure 0day Cross-Site Scripting with Sandbox Escape

    My guest blog post over at SANS’s pen-testing blog went live. Hope you like it! Check it out here: https://pen-testing.sans.org/blog/2016/08/19/azure-0day-cross-site-scripting-with-sandbox-escape  

  • Hacking in 2016 – How are our systems broken?

    A presentasjon I did for Norwegian Developer Conference on attacking systems. Lots of demos!

  • Rapid android application pentesting

    This is a quick guide to get started with Android application testing. I wont delve into details of testing, but instead cover what is necessary to do in order to get started. The topics I go through are: Get a hold of an Android device through emulation or physical device Find and download the APK…