Posts

HPQPswd Encrypted Passwords Decryption

Ever wondered how to decrypt HPQPswd encrypted passwords? So did I when, for the first time, I came across a strange file called password.bin with a magic value of _HPPW12_.

Active Directory Dump

During many penetration tests (or red versus blue team exercises), I have found myself with the need to investigate users, groups, computers and policies of a Windows domain. To do that, I have developed a series of PowerShell scripts that dump all that information from Active Directory into XML files.

Updated AppLocker Dump Script

I have created a new version of this script so that it is better aligned with the conventions I use for other PowerShell scripts.

Migrated From WordPress to Hugo

I have been using WordPress since I started blogging, but since then, the blogging landscape has changed a lot. Welcome to the age of static site generators.

The Portuguese and Passwords, a Case Study

Over the last few years I have had the opportunity to collect several password lists. What follows is a case study focused on three of those lists, all of which come from Portuguese websites.

Titan Quest Invincibility Cheat

In the last level of Titan Quest, every player will have to face the titan Typhon, Bane of the Gods. A task that is very far from easy…

Bug Bounty, Serious Rewards

My first Bugcrowd private bug bounty program that involves some serious rewards. One thing is for sure, they got my attention :D

Inspecting AppLocker Policy

While doing incident response, if AppLocker is being used but the computer still got infected by a malicious executable, it is useful to know exactly what AppLocker policy is currently applied.

Reversing Aruba Instant Firmware

Aruba produces two different software loads for their Access Point hardware. The first is called ArubaOS and the second is called Aruba Instant. With ArubaOS, the AP requires a Mobility Controller (hardware) to be installed in the network. With Aruba Instant, it is possible to run APs independently (standalone mode) or in a cluster, with no Mobility Controller in the network.

What follows is the full process to extract all the files recreating the Aruba Instant firmware file system.

SSH Brute Force and Suricata

Since SSH is one of the most pervasive ways to manage servers remotely, it is also one of the most plagued by brute force attacks. What follows is a simple set of Suricata rules to stop the majority of SSH brute force attacks. It will drop connections based on the reported SSH client version.
