Welcome to In Depth Defense. In Depth Defense LLC is a privately owned Information Security Consulting company owned and operated by Mark Baggett. In Depth Defense specializes in Penetration Testing and Incident Response. At this time In Depth Defense is not accepting any new client work, but we are happy to speak to you and point you to other resources in the community.

Mark Baggett has been active in Information Security for 18+ years. I've served in a variety of roles from software developer to CISO. You can find archives of older blog entries below and read my newer posts on http://www.pauldotcom.com, http://isc.sans.edu and http://pen-testing.sans.org








Wednesday, May 23, 2012

Stuff I worked on in 2011 & 2012

I suppose I should update this site more often... So much to hack; so little time.   Here is some of the public stuff I have been working on in 2011, 2012.

Grabbing Usernames, Passwords, Cookies and more from HTTPS websites
http://pauldotcom.com/2012/07/post-exploitation-recon-with-e.html
http://pauldotcom.com/2012/09/data-mining-event-tracing-for.html

Privilege Escalation through VMWare snapshots
http://pen-testing.sans.org/blog/2012/08/03/pen-test-privilege-escalation-through-suspended-virtual-machines

Using Windows Resource Monitor to find hackers
http://isc.sans.edu/diary/13735

A great SCAPY shortcut for TCP Fussing
https://isc.sans.edu/diary.html?storyid=14080

Python Shells:
One liners:
http://pauldotcom.com/2011/10/python-one-line-shell-code.html
Put Meterpreter in Python for 100% evasion:
http://pen-testing.sans.org/blog/2011/10/13/tips-for-evading-anti-virus-during-pen-testing

Cool new SQL Injection Tool - It is different!
http://pen-testing.sans.org/blog/2011/10/31/making-blind-sql-injection-more-efficient-new-tool

Volume Shadow Copy, Symbolic Links and directory name craziness
Execute files up to a month after they have been deleted and "cipher /w" wipes them:
http://www.irongeek.com/i.php?page=videos/hack3rcon2/tim-tomes-and-mark-baggett-lurking-in-the-shadows
http://traffic.libsyn.com/pauldotcom/PaulDotCom-265-Part4-MarkTim-ShadowCopy.mp3
Other related stuff:
http://pauldotcom.com/2011/11/safely-dumping-hashes-from-liv.html
http://pauldotcom.com/2010/10/windows-7-symbolic-links-and-h.html
https://isc.sans.edu/diary.html?storyid=12958
https://isc.sans.edu/diary.html?storyid=13000

EAP MD5 Crack - Attack 802.1X
http://pauldotcom.com/2011/04/eap-md5-offline-password-attac.html
http://lanmaster53.com/2011/04/defeating-802-1x-with-marvin/
http://baggett-scripts.googlecode.com/svn/trunk/eapmd5crack.py

Packet Reassembler for a new IDS ANALYST evasion technique
https://isc.sans.edu/diary/IP+Fragmentation+Attacks/
http://baggett-scripts.googlecode.com/svn/trunk/reassembler/

Convert Iphone Backup to Google Maps & Dump other data
http://blogs.sans.org/pen-testing/files/2012/01/Technical-Team_Baggett-Team-255S.pdf
http://baggett-scripts.googlecode.com/svn/trunk/catsqlite3.py
http://baggett-scripts.googlecode.com/svn/trunk/iphone2kml.py




No comments:

Subscribe