Author Archive


OSINT Framework

Author: Martin Voelk
May 31, 2017

For everyone in need of Open Source Intelligence Gathering. This is an excellent list for intelligence. Also downloadable from Github.

http://osintframework.com 

Share

Google Dorks for Data Mining

Author: Martin Voelk
March 1, 2017

Who doesn’t know the problem. You have a basic LinkedIn account and you want to do business development. Your searches are limited to X numbers, you don’t get the full search interface like Premium users and all that annoying stuff.

To the rescue once again comes Google and shell scripting. Google indexes like no other search engine.

Simple Google searches reveal the prospects you are looking for:

site:linkedin.com intext:”IT Manager” AND “Singapore” -jobs
site:linkedin.com intext:”IT Director” AND “Singapore” -jobs
site:linkedin.com intext:”CISO” AND “Singapore” -jobs
site:linkedin.com intext:”IT Manager” AND “Singapore” -jobs “Healthcare”
site:linkedin.com intext:”IT Manager” AND “Singapore” -jobs “Banking”
site:linkedin.com intext:”IT Manager” AND “Singapore” -jobs “Finance”
site:linkedin.com intext:”IT Manager” AND “Singapore” -jobs “Retail”
site:linkedin.com intext:”IT Manager” AND “Singapore” -jobs “Utilities”

Job titles can be changed, so can be countries and industries.

Now for everyone with a bit of shell / python experience, these dorks can be fully automated and will then report into an Excel sheet in minutes. Business development with Google 🙂

Share

IoT Teddy Bear Hacked

Author: Martin Voelk
March 1, 2017

Whilst this sounds funny at first, it’s yet another serious data breach of customer data. IoT is becoming hacker’s first choice even before web applications these days. So don’t forget to have your IoT devices Pen Tested.

https://arstechnica.com/security/2017/02/creepy-iot-teddy-bear-leaks-2-million-parents-and-kids-voice-messages/ 

Share

IoT – the popular attack vector

Author: Martin Voelk
January 23, 2017

Evolving technologies such a IoT (Internet of Things) enable IP based Internetworking with devices previously not part of the network. Fitness machines, Home Protection Systems, Automation systems, Industrial processing systems, medical equipment, Burglary systems, temperature controls etc.

The downside to IoT is that it opens up a whole new attack vector. Not only can poorly protection IoT machines be compromised, they also can serve as a jump host to further penetrate the customer network.

Shodan is the tool of choice these days. A lot of the underground community is actively exchanging scripts with the best IoT dorks. Only because there is a treadmill on the web doesn’t mean that you can leave the default username and password!

https://www.shodan.io

Share

January 4, 2017

Happy New Year to everyone.
We have a first come – first serve free offer for our readers in January 2017.

10 x Free Cyber Intel Reports

FREE-CYBER-INTEL-REPORT

Share

August 25, 2016

iOS 9.3.5 is now out. Update like you’ve never updated before. https://t.co/8mWfs6aril #Trident

Share

August 24, 2016

This translation toolset is a very neat asset to any penetration tester and especially useful for exploit development and Web Application Pen Testing.

https://paulschou.com/tools/xlate/

Share

Easy SMTP Mail Relay Test

Author: Martin Voelk
August 23, 2016

This is a neat tool to test for open relays. Whilst most true open relays are not out there these days, internal relay is as dangerous? Why? Imagine Mr Tom Smith is the boss of Mr Jack Miller. Now Jack Miller sends an insulting email to Tom Smith which could terminate his work contract. Likewise a fake Smith to Miller mail could create serious disturbance. We come across those internal relay problems in many of our audits. Disable internal mail relaying!

https://www.wormly.com/test_smtp_server

Share

Dangerous FTP dork

Author: Martin Voelk
August 22, 2016

The following Google dork reveals open FTP directories spidered and indexed by Google. Shocking! As always, use responsibly but test for your own web site by adding the site operator

inurl:ftp -inurl:(http|https)

site:yourdomain.com inure:ftp -inurl:(http|https)

Share

Help an abused puppy

Author: Martin Voelk
July 16, 2016