Tools
Recover Keys – Part 2 – Scanning Devices on the Network
In this Part 2 review of Recover Keys, we will look at how we can scan machines via the network. For most users, I don’t believe this option will be used too often. The average home user that purchase a license for personal use could just uninstall and install the tool on each machine they want to grab license keys off of, or buy a license for multiple machines. For larger organizations this tool is excellent as it can be installed in one location on a single machine. You also get the ability of being able to extract the license keys via the...
read moreRecover Keys – Part 1 – Scanning a Local Machine
Recovering License Keys I ran into an issue when trying to upgrade a windows 7 PC back in 2019 before Windows 7 went EOL. A decision was made to start a complete fresh install of Windows 10 instead of upgrading from Windows 7 to 10. However, it came with a caveat that I would have to reinstall many tools all over again. For some of them, I no longer had a stored copy of the license key(s) laying around, or stored digitally any longer. So it got me thinking, if there was a way to recover these license keys. Now, I could poke around and find...
read moreNamechk – A Domain Searching & Recon Tool
Namechk – A Domain Searching & Recon Tool So I came across a new tool that I found particularly interesting. And, especially for someone that may be working on a pen test during the recon stage. Recon is very important, since it allows you to gather as much intel as possible before you start to look for weaknesses. What is the tool? I came across a website called Namechk (https://namechk.com). And, started to realize the power it gives you when conducting recon for particular companies or people. This site basically allows you to search...
read moreAutomating NMAP Scans
Automating NMAP Scans Why do I need automation ? Security analysts just don’t have the time to always run manual tests. Let’s say I wanted to monitor my ports and services open on my external lab IP address. It is not feasible for me to run a scan at 3am every day for the rest of my life. Therefore, if I had a tool that could automatically run a scan, check to see if anything suspicious is found and can alert me if that is the case would be hugely beneficial. In my case, I have created a method to do this and it is a very...
read moreWappalyzer – Identify technology on websites
Wappalyzer – Identify technology on websites During one of my SANS vLive courses I am currently taking part in. My instructor introduced us to a nifty tool called Wappalyzer. He said he does use it as “one” of his tools of arsenal for pentesting servers and websites. I decided to take a look for myself since it wasn’t part of our SANS course. And, when you have a SANS instructor discussing a tool they use… well you just can’t go wrong by checking it out for yourself. Finding technologies on a website One of...
read moreDNSTwist – Domain Phishing Enumeration
DNSTwist – A Look at Domain Phishing Enumeration A few weeks ago, I happened to stumble upon a tool called DNSTwist. And, like every tool I ever encounter, I always like investigate more into a tools capabilities and what it can offer. After reading more about the tool through another blog I was reading at that time. I was pointed towards the official Github page for DNSTwist. The tool itself is great and something every company should at least look at on a yearly basis. Phishing attacks are on a rise, and the expectation is that they...
read moreBurpSuite & ZAP Bypass Proxy
BurpSuite & ZAP Bypass Proxy I wanted to make this tutorial for users that might get stuck in a similar situation. I was security testing a website using Burpsuite and would end up with SSL Handshake failures. And, it really made no sense at first since Burpsuite uses Java. And, I had the latest version of Java installed on my machine. Burpsuite was giving me SSL Handshake failure alerts and was asking me to install JCE Strong Cipher policies. Turns out the website was using VERY strong ciphers (which is a very good thing). And, they were...
read moreDefault Passwords for IP Cameras
Default Passwords for IP Cameras So, I decided to post a list of default passwords for most IP camera’s. I will try to update this list as specifications change or are added over time. This list is very useful for conducting penetration testing. I’ve found that many camera devices will either not ask the user to “create” a password or a “new” non-default password. The camera I ended up purchasing for testing ended up asking and forcing the users to enter a new password upon setup. Major IP camera...
read moreWhy No Padlock?
SSL Scanning Websites So today, I came across a website that does a quick SSL test on your website. Anyone with a website should really be running this tool. I actually did find a few minor issues and was able to gather some info about it. Our Results Here is what we got for our results: It’s looking good for us and especially since we have forced all our internal links to make use of HTTPS I also wanted to list a bad result as shown below. Go ahead and scan your own website! Check out – Why No Padlock...
read more
My name is Harry Taheem
I am a Cyber Security Engineer.
My aim is to post things I learn or find interesting and allow others to hopefully gain some more insight. I also plan on posting general IT related issues, as I’d like 
