Tips, Tricks and Tools for Cyber Security Enthusiasts

Introducing SharpSocks v2.0

Thursday 14 November 2019/0 Comments/in Blog, SharpSocks /by Rob Maslen

It has been over a year since we released the first version of SharpSocks, our proxy-aware reverse HTTP tunnelling SOCKS proxy. This post aims to provide a State of the Nation update for users. It details some of our experiences using it, how the experience and performance has been massively improved, and some of our […]

Read more →

https://poshc2.readthedocs.io/en/latest/_images/autocompletions.png

Introducing PoshC2 v5.0

Tuesday 12 November 2019/0 Comments/in Blog, PoshC2 /by Rob Bone

PoshC2 v5.0 is here and there are significant changes and improvements that we’re very excited to reveal! There’s been a move to Python3, much improved documentation, significant functionality and quality of life improvements, and more. Read on for a detailed description of it all! Repositories We have had a bit of a change around with […]

Read more →

How to Exfiltrate AWS EC2 Data

Wednesday 9 October 2019/0 Comments/in Blog /by Iraklis Mathiopoulos

As Cloud infrastructure has become common, it has also become common for penetration testers to find themselves attacking clients that rely on e.g. AWS or Azure environments for handling, storing, and processing critical data. There are many new and interesting attack paths an adversary can take once they have obtained some sort of access to […]

Read more →

Maritime Malware Campaigns – Document Payloads

Thursday 19 September 2019/0 Comments/in Blog /by Joel Snape

As part of our research into threats facing the marine and offshore sector, we recently uncovered an ongoing malware campaign. It makes use of specific maritime industry related document lures, and attempts to evade detection by disguising command and control traffic as traffic to legitimate maritime-related businesses. From our examination of the documents being sent, […]

Read more →

DerbyCon 2019 CTF Write Up

Wednesday 18 September 2019/0 Comments/in Blog /by Spicy Weasel

We recently returned from the always excellent DerbyCon 2019 conference. We once again competed in the 48 hour Capture The Flag competition under the team name “spicyweasel”, where we were pleased to finish in second place. The prize for us was $750 and we decided to donate that to the Chris Lucas Trust, in order […]

Read more →

$C:\Users\coakley\Desktop\download (3).png$

Cross Site Scripting (XSS) Payload Generator

Monday 29 July 2019/0 Comments/in Blog /by Iain Wallace

This post will help you to evade some of those tricky cross site scripting restrictions with the help of a new tool I’ve pushed to our XSS Payloads repository. There are times during a web application penetration test when Cross Site Scripting (XSS) has been identified with a trivial payload such as <script>alert(1)</script> or via […]

Read more →

Introducing SharpSocks v2.0

Introducing PoshC2 v5.0

Maritime Malware Campaigns – Document Payloads

DerbyCon 2019 CTF Write Up

Cross Site Scripting (XSS) Payload Generator

EMEA

Americas

General Enquires

Social Media

Welcome to Nettitude Labs

EMEA

Americas

General Enquires

Social Media