DerbyCon 2017

What a blast this year! As always, DerbyCon was a huge success. Paul Oakenfold was cool to see live, although he had zero energy and seemed like he was just ready to leave. DualCore always keeps it real, Busta is…well… And, a big shout out to Dave Kennedy and team for putting together one of … More DerbyCon 2017

10 Classic Cons

As a pentester and former street magician, I have used distraction and trickery to divert the attention of a target, mostly through social engineering. This has helped me professionally and during parties. A 2014 article written by Kacey Henley lists some of the old fashioned short and long cons (albeit names vary) that still work … More 10 Classic Cons

IBM POS System Keys

So, apparently many IBM POS (MM987 MM926 code cut numbers) systems are keyed alike. Give it a try on your next physical security assessment where they may be used: eBay Link

Hacking WPA Enterprise / hostapd-wpe

Using the hostapd-wpe toolset is the easiest way to run an attack against WPA Enterprise implementations as everything is already built-in. The attack requires a compatible wireless card. The hostapd-wpe version has been updated from 2.1/2.2 to 2.6, which now allows for 802.11n/ac traffic as long as it’s supported by your card… https://www.offensive-security.com/penetration-testing/hacking-wpa-enterprise-with-kali-linux