HARVESTING PASSWORDS FROM CISCO CONFIGS POSTED ON ONLINE COMMUNITY FORUMS

An article about why sharing your Cisco running config file on public support forums may be dangerous. It starts with a general introduction to secrets found in running configs, highlights the process of harvesting configs using metagoofil and decrypting the password hashes.

ENUMERATING SMB SHARES WITH SMBSCAN: A HANDS-ON GUIDE

A wee writeup about the SMB enumeration tool smbscan, which I had recently discovered on GitHub. The post introduces SMB, highlights the functionality of smbscan, and provides practical insights for uncovering hidden shares, finding sensitive files and auditing permissions.

WHO'S WATCHING YOU? SECURITY ANALYSIS OF THE LSC 1080P IP CAMERA FROM ACTION

A wee writeup of a security analysis of an LSC 1080P IP Camera sold by Action. The posts summarise multiple vulnerabilities we could identify including weak encryption of passwords, lack of authentication and inappropriate hardware hardening.

SQL INJECTION VULNERABILITY IN CHURCHCRM (CVE-2021-41965)

A wee writeup of an SQL injection vulnerability I had found within the open-source ChurchCRM CRM software. This vulnerability allows logged-in users to completely compsomise the database.

RECOVERING WIFI SSIDS FROM CHROMIUM'S NETWORK PERSISTENT STATE FILE

In this post, I’ll explain how Chromium’s Network Persistent State file can be utilised to recover SSIDs a suspect has previously been connected to.

A FORENSIC GOLD MINE III: FORENSIC ANALYSIS OF THE MICROSOFT TEAMS DESKTOP CLIENT

In this post, I will look at the abundance of forensic artefacts which can be collected from Microsoft Teams Client on Windows Desktops.

A FORENSIC GOLD MINE II: FORENSIC ANALYSIS OF SIGNAL MESSENGER ON WINDOWS 10

In this post, I will look at the abundance of forensic artefacts which can be collected from Signal on Windows Desktops.

A COMPLETE LIST OF FREE FLIGHT SEARCH APIS IN 2021

In this blog post, I will have a look at freely available APIs for searching flight tickets.

A FORENSIC GOLD MINE I: FORENSIC ANALYSIS OF VIBER MESSENGER ON WINDOWS 10

In this post, I will look at the abundance of forensic artefacts which can be collected from Viber on Windows Desktop.

CRACKING NTLM HASHES ON GOOGLE CLOUD'S NVIDIA TESLA T4 GPU

In this post I will explain how I used a Nvidia Tesla T4 GPU rented from Google Cloud Platform to crack NTLM hashes using hashcat and John the Ripper at blazing speeds.