Room362.com

Blatherings of a security addict.

Projects

2013

PwnWiki Team

WhiteChapel-NG

WhiteChapel

  • Blog Post: /blog/2013/01/18/intro-to-white-chapel/
  • Description: WhiteChapel is a web app and backend that stores cracked or “known” passwords and hashes them into a number of different formats. This allows pentesters store a list and if they come across a local admin password that is reused or the same as one they might have found in a MySQL database they won’t have to crack it.

2012

NetView 1.0

1
2
3
4
5
6
7
8
9
10

C:\>netview.exe

Netviewer Help
--------------------------------------------------------------------

-d domain               : Specifies a domain to pull a list of hosts from
                          uses current domain if none specifed

-f filename.txt         : Speficies a file to pull a list of hosts from
-o filename.txt         : Out to file instead of STDOUT

Ditto 1.0

1
2
3
4
5
6
7
8
9

C:\>ditto.exe

ditto - binary resource mirrorer
--------------------------------------------------------------------

C:\>ditto.exe sourcebin.exe targetbin.exe


C:\>

2011

LetMetOutOfYour.net

2010

DeepMagic

Description: A “Google”-like search engine for DNS records

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35

Projects
Things I've worked on, helped with, or still run

    Services
        Deep Magic
        A "Google"-like search engine for DNS records
        LetMeOutOfYour.net Egress Testing Site
        Answers w00w00t for web requests on any TCP port, any request on any UDP port and responds to any subdomain or URL with the same "w00tw00t" string. This is very useful for verifying or finding ways to egress a network.
        Q - Free Metasploit "Exploit Pack"
        An archive of modules, scripts, plugins and extensions that for one reason or another aren't in Metasploit or can't be.
        Disappeared
        An archive of infosec related sites, packages, downloads etc that are either no longer on the net or endangered to be so.
        Post Exploitation Command Lists
        A bunch of community created google docs that have commands and steps for post exploitation
    Coding Projects
        Netview
        A network based enumeration to for Windows networks
        Ditto
        A binary resource cloner (Icons and metadata)
        Metasploit
        A small little project ;-) - Been contributing since 2008 and using since 2005.
    Groups
        NoVA Hackers
        Started in 2009, it's a monthly meeting group of Northern Virginia, DC, and MD hackers/infosec peeps
        Penetration Testing Execution Standard
        A standard to help raise the bar and expectations. Just recently joined this group as support of the Post Exploitation section
        Collegiate Cyber Defense Competition - Red Team
        A college level defense competition where defenders are given vulnerable networks to defend against the evil Red Team - Been on the Mid Atlantic Region for 4 or 5 years, and just recently joined the National-level team
        Hackers for Charity
        Johnny Long (and his family)'s huge project to help Africa using technology - Been the social media / hype man for about 2 years.
    Blogs
        Metasploit Minute
        This ran for a bit but has kinda died, the original idea was to get useable demonstrations of up-the-the-minute additions to the framework
        Practical Exploitation
        A video demo site that involved not just one example but a 0 -> pwnd approach. Mostly dead due to the time it took to create each video.

Comments