Other articles

  1. Missing USB revocation on Android with Nethunter

    Fri 05 May 2017

    Today, I came across a strange issue when trying to interact with my phone using adb. I'd recently set up Kali nethunter on a phone I use for mobile application pentests, and found that I could no longer connect to it from my machine.

    The error message is rather unhelpful …

    read more
  2. Certificate Transparency as a recon technique

    Fri 04 November 2016

    I've been using certificate transparency with increasing frequency during my network pentests. What a great source of information! I've found it so useful that I wrote a short standalone script to search for domains in a transparency log and resolve them to IP addresses.

    What's certificate transparency?

    There's an actual …

    read more
  3. Setting up Nethunter despite infinite boot

    Sun 31 July 2016

    I have recently wiped and reinstalled a Kali Nethunter instance running on my Nexus 5 phone. It gave me a bit of trouble, so I thought I'd document the work-around in case it helps anyone out there :)


    • Google Nexus 5
    • Cyanogenmod (CM) with a nightly dating back to March …
    read more
  4. Metasploit soul-searching: scanning with metasploit

    I've been trying to expand my knowledge of Metasploit recently. I've gotten training which included quite extensive coverage of the framework, for which I'm grateful; but to really get how extensive the tool's functionality is, there's nothing quite like practice.

    With this in mind, I downloaded the metasploitable VM over …

    read more
  5. WebSockets

    Fri 14 March 2014

    WebSockets are a mechanism that allow a client (typically a web page) to talk to a server without the overhead and complications that web services may pose. The client first establishes a connection using http and then makes a request to switch over to websockets; the process is described in …

    read more
  6. VNC passwords

    Wed 12 March 2014

    We like to think of VNC passwords as encrypted; but when you consider that they're encrypted using DES (a weak encryption algorithm) with a key that is hardcoded... Well... That pretty much makes VNC passwords encoded and not encrypted. There are a few VNC password revealers out there, such as …

    read more

Page 1 / 6 »