A while back I picked up an Acer Chromebook 14 as an inexpensive laptop I could use around the house or lug along on trips without being overly paranoid I’d break it, lose it, or have it stolen. I did initially look into installing Linux on it after having it a few months but firmware support was very sketchy with newer Braswell Chromebooks at the time so I put it on the back burner for a while. I did toy around with using Crouton but performance was frustratingly bad and didn’t seem worth the bother to me. Continue reading “Installing Gallium OS + Pen-Testing tools on Stock Chromebook”
Better Directory and File Brute-forcing with BurpSmartBuster
Github: https://github.com/pathetiq/BurpSmartBuster/
DerbyCon Talk: https://www.youtube.com/watch?v=RFxUfoVgMrw
After watching the DerbyCon presentation by Patrick Mathieu I’ve been experimenting with replacing or at least supplementing Dirbuster with this new tool. It offers a lot of potential benefits: Continue reading “Better Directory and File Brute-forcing with BurpSmartBuster”
Obfuscating PowerShell Commands using Invoke-Obfuscation
Source: https://github.com/danielbohannon/Invoke-Obfuscation
Thanks to one of Dave Kennedy’s talks for making me aware of this tool for obfuscating PowerShell code. As PowerShell is used more and more in attacks the higher the likelihood there is for defenders to attempt to detect malicious commands or look for specific strings. To evade these detection techniques we can try to encode our commands to make them much harder to detect.
I’ll use the previous Bash Bunny Payload as an example with this tool.
Continue reading “Obfuscating PowerShell Commands using Invoke-Obfuscation”