Blog

Guide to understanding XSS – Payloads, attack vectors, BeEF hooking, MiTM with Shank and some history

Cross site scripting is vulnerabilities in web applications that involves injecting valid HTML or scripts in some form or way. XSS is a very widespread vulnerability (see OWASP TOP 10) on the internet today. It is both easy to eliminate and easy to detect. It is however usually harder to exploit than for example SQL […]

Continue Reading
Blog

Ways to retrieve a missing persons account passwords

Since the creation of this post, many other ways of retrieving a password has been discovered, e.g. Mimikatz, Lan Turtle & Responder, Konboot and more. Norwegian newspaper claims police is lacking missing persons social media password Today, a major newspaper, VG announced that the progress in the of a missing person case may be set […]

Continue Reading
Blog

Can you use ONE WORD to describe the most important information security solution in your arsenal

One word On LinkedIn there was a word game in the group “Information Security Community“. The deal was to name what you think is the single most important thing in IT security. The now over 1 year old discussion is still active and keeps popping up in my LinkedIn newsletters. While I do not agree […]

Continue Reading
Blog

Unlocking locked laptop – From physical access to recovering NT hashes

A friend of mine worked at the IT department of a school and we had a talk about what consequences it may have if a laptop without disk encryption got into the wrong hands. He could not see what the big deal was if a student computer got lost so I suggested that if he would borrow me a computer from the school I would try to see what potential risks could come out of it. The laptop I got was old, worn down and scheduled for recycling. Perfect for this scenario!

Continue Reading
Back To Top