Dec 6, 2019
Posted in blog, Encryption, Featured, Information Security, pen testing, security awareness, Windows
Stealing Windows Wi-Fi WPA2-PSK Passwords through PowerShell
This week, I was hanging out with a friends, who happened to
forget their Wi-Fi Password to connect a new device to their network. I
decided, I would find a way and help them out so they could obtain the Wi-Fi
password. It then led me to a thought, that a malicious attacker could
technically use the same technique. Or, that it could be a good technique used
when pen testing an environment. So, therefore, I have decided to make a blog
post about it. Enjoy!
Read more Of This Post!
Feb 5, 2019
Posted in blog, Information Security, pen testing, social engineering, Tools
Namechk – A Domain Searching & Recon Tool
So I came across a new tool that I found particularly interesting. And, especially for someone that may be working on a pen test during the recon stage. Recon is very important, since it allows you to gather as much intel as possible before you start to look for weaknesses.
What is the tool?
I came across a website called Namechk (https://namechk.com). And, started to realize the power it gives you when conducting recon for particular companies or people. This site basically allows you to search for company names and personal names of people. Now the site isn’t made to conduct recon on anyone or any entity. But, it seems like some cyber security analysts and pen testers are starting to utilize it for recon purposes. And, why not? It’s a tool and various tools can be used for various purposes.
What is its real purpose?
Read The Full Post
Aug 26, 2018
Posted in blog, Featured, Information Security, pen testing, Reviews
Passing The GWAPT Exam
So, I finally went for it and attempted the GIAC GWAPT exam and passed it! I’ve been conducting some pen tests prior to taking the SANS SEC 542 course and the GWAPT exam. The course taught me many new things, and gave me a new perspective, and insight when it comes to web application pen testing. This blog post is to share my experience on how to best prepare for taking the GWAPT exam.
Should I take this exam or challenge the GWAPT ?
Many people will ask themselves this very same question. The best answer really depends on what your career goals are for your future. If you plan on being a pen tester, then this is a must at least if you are new or an intermediate to web pen testing. These days the Internet is filled with web applications, and now with more data and applications placed in the cloud. WebApp pen testing is a skill in demand and will be needed to test anything open to the public via the cloud.
Studying
Read The Full Post
Jun 25, 2018
Posted in blog, Featured, Information Security, Linux, pen testing, Tools
Automating NMAP Scans
Why do I need automation ?
Security analysts just don’t have the time to always run manual tests. Let’s say I wanted to monitor my ports and services open on my external lab IP address. It is not feasible for me to run a scan at 3am every day for the rest of my life. Therefore, if I had a tool that could automatically run a scan, check to see if anything suspicious is found and can alert me if that is the case would be hugely beneficial. In my case, I have created a method to do this and it is a very simple and straight forward method that virtually any one can use!
How can I create a NMAP scanning server ?
Servers are pretty easy to put up whether it’s a Virtual Image that’s spun up on a bare box, desktop, or in the cloud. In my case a Linux Ubuntu Server was used. It has a firewall and is assigned an external public IP address. It then has the ability to scan my lab network public IP address to be able to identify any open ports/services. It’s a great way to gain some visibility into knowing if any new ports were opened that shouldn’t have been or were missed.
*WARNING* please be sure that the network you are scanning is your own, or that you have WRITTEN PERMISSION to scan the network you desire. Scanning networks where you have no written permission can lead to legal issues, so please be sure you have permission or ownership of a network before doing so.
Read The Full Post
Apr 25, 2018
Posted in blog, Featured, Information Security, pen testing
SANS 542 – Winning the CTF Event
I just finished taking the SANS 542 vLive class on Web Application Penetration testing. During the last week (week 6) of the course, we have a CTF (Capture The Flag) event, where you team up with other classmates to exploit systems in a special SANS virtualized environment.
In our event, it started off being a bit unfair where the team I was on had 1 other person with me. While, the team on the other end had 4 members, so it was a 4 vs. 2 battle for most of the CTF. SANS has a similar environment as to one you would see at SANS Netwars. There is an area to create a team name, see your team rank and scores, as well as questions that are asked to you.
In the event our team thepentestninjas won the event leading the other team by over 100 points. We compromised all of the servers on the network, and completed the Level 3 mark. We however, got the very last system with 1 minute to spare.
SANS now has started a new program where they give out special SANS coins to winners of these types of events.
What is a SANS Pentest Coin?
(more…)
My name is Harry Taheem
I am a Cyber Security Engineer.
My aim is to post things I learn or find interesting and allow others to hopefully gain some more insight. I also plan on posting general IT related issues, as I’d like 
