Skip to main content

Posts

Showing posts from May, 2012

Welcome to Mark Baggett - In Depth Defense

I am the course Author of SANS SEC573 Automating Information Security with Python. Check back frequently for updated tools and articles related to course material.




Stuff I worked on in 2011 & 2012

I suppose I should update this site more often... So much to hack; so little time.   Here is some of the public stuff I have been working on in 2011, 2012.

Grabbing Usernames, Passwords, Cookies and more from HTTPS websites
http://pauldotcom.com/2012/07/post-exploitation-recon-with-e.html
http://pauldotcom.com/2012/09/data-mining-event-tracing-for.html

Privilege Escalation through VMWare snapshots
http://pen-testing.sans.org/blog/2012/08/03/pen-test-privilege-escalation-through-suspended-virtual-machines

Using Windows Resource Monitor to find hackers
http://isc.sans.edu/diary/13735

A great SCAPY shortcut for TCP Fussing
https://isc.sans.edu/diary.html?storyid=14080

Python Shells:
One liners:
http://pauldotcom.com/2011/10/python-one-line-shell-code.html
Put Meterpreter in Python for 100% evasion:
http://pen-testing.sans.org/blog/2011/10/13/tips-for-evading-anti-virus-during-pen-testing

Cool new SQL Injection Tool - It is different!
http://pen-testing.sans.org/blog/2011/10/31/making-blind-sql-injecti…