Red Team - Over My Shoulder Shadowing Assessing Door Access Control Systems

In this video we access the security of a door I found while out in the field.. 

• We cover how to review the access control on a door for issues
• How to review if our assumptions are true
• How to bypass the controls that are verified
• And what tools we would use to do that. 

 

We also discuss this doors roll in penetration testing scenarios inside shared facilities and off the street in various setups and attack paths.  

Red Team - Over My Shoulder Shadowing while performing Embedded Recon and Opportunistic Attacks

 Want to learn Black Teaming / Physical Pentesting?    

Need Physical Pentest?

This is a live over my shoulder shadowing of Embedded Recon portion of a physical pentest you would perform for black/red teaming engagements.  Enjoy.. 

I cover analyzing your target

• Points of entry, attacks on the inside etc
• Janitors, 
• High Frequency cards
• Elevators
• Door attacks
• Alarms
• Finding unrestricted paths for later entry 
• Opportunistic Attacks 
• keyed Alike Systems
• And more

 

Layer 8 Social Engineering Podcast Interview

 Recently hopped on the layer 8 podcast to talk about hacking and social engineering.. 

Blog Posted in both locations but also residing to its new home at: 

https://www.consolecowboys.com/console-cowboys

Attacking MFA Pin Code Readers - Social Engineering Physical & Electronic

 Twitter:   / ficti0n   

Blog Posted in both locations but also residing to its new home at: 

https://www.consolecowboys.com/console-cowboys

This video goes over a ton of options and demos on how to attack Pin Code MFA based RFID readers during a physical penetration test. Social Engineering attacks, Physical attacks and Electronic Attacks.

Interview I did with Covert Access Team

 This is an interview I did with cover access team covering things for example: 

• Talks about blockchain attacks
• Chatting about running and managing a consultancy
• Mentoring employees and learning
• Physical security and exploitation. 

Blog located in both locations but also resides at its new home: 

https://www.consolecowboys.com/console-cowboys

 

Filling in the Gaps of your foundational Knowlege

 Hacking is basically just abuse of foundational knowledge.
Seriously, its about foundational knowledge. So learn it!!

So the new kids don't come from CS and EE backgrounds as often anymore.

With just surface level attack knowledge you might be able to hack at an intermediate level and than one day you will hit a wall and that will be your hacking knowledge failing to propel you further, due to lack of foundational knowledge letting you see the unseen. We need to fix this.

The kids never listen but I always scream it from the mountain tops. and then I hear cries that they didn't go to school so poor them its not their fault right? Wrong, it is your fault because information is free cheap and in abundance, but at least your interested so cheers to that, lets move forward.

There is an easy fix to this dilemma

You don't need a CS or EE degree because you will self teach one in 1/4 the time frame without curriculum bloat. (universities are inefficient) Instead we learn relevant foundational skills to your career, interests, objectives so you can progress quicker. You need to learn math? No problem khan academy.. You need to learn about network protocols or programming no problem there are full YouTube playlists / books / labs for this that are better then university classes by far

The Fix:
Choose a foundational item of interest and roll with it daily, this can even be as little as just 20 minutes a day with your morning coffee. Sadly that's more efficient then a university class lol

Base your choice 75% off your interest and 25% off what you actually might use it for.. Lets give a few examples

1. Programming - You can use programming in literally every single part of infosec. Pick a general purpose language like "Python" to learn and code useful things.. Or a specific language if you have a specific interest for example, "solidity" if in blockchain, or "C/C++" if doing exploit dev / Reversing

2. Assembly / Computer Architecture - Choose this if you have any need / want to dive into reverse engineering, exploitation or even old school game dev

3. Hardware / Electronics stuff - Choose this if you want to work on fun projects and see how those 0's and 1's function while using your general purpose code do neat things as a way to progress into more IOT / Hardware hacking etc. This could be as simple as buying some arduino kits / books and learning about circuits and creating them and building devices etc

4. Protocols Protocols Protocols... Learn all about network protocols and how they function and how to interact with them and send raw sockets and assemble various protocols from standard network protocols to Bluetooth zigbee, blockchain, sub-ghz etc Scapy anyone?

5. You can choose any other foundational thing you feel that is holding you back maybe Linux cmdline?

Choose 1 thing and spend 6 - 18 months daily learning a bit and playing with it each day, building things with it and coding things related to it etc

Learning Binary Ninja for Reverse Engineering - Integrating AI workflows to Reverse Engineer Keygens

In this video we run through creating Keygens from binaries to bypass software restrictions using AI prompts where relevant to help us code our own keygens and understand algorithms. 

Example Binaries: CTF Binaries Used: https://github.com/cclabsInc/Binja

 

Twitter: https://twitter.com/ficti0n

Looking for a penetration test? 

• http://consolecowboys.com
• http://cclabs.io 

Blog new additional location: https://www.consolecowboys.com/console-cowboys