Category Archives: Security

Installing pyftdi on Ubuntu 18.04 for FT232H and FT2232H boards

Posted on June 12, 2019 by grymoire

Why use FT232H and FT2232H boards? I wanted to use a FT232H board for some hardware hacking. The FTDI FTxxx family of devices and boards based on this chip is categorized as a Multi-Protocol Synchronous Serial Engine (MPSSE), which can … Continue reading →

Posted in Hacking, Hardware Hacking, Linux, Security | Tagged BusPirate, FT2232H, FT232H, I2C, i2cscan, IoT, JTAG, PyFTDI, python, Security, Shikra, SPI, TUMPA, UART, Ubuntu | Leave a comment

Bus Pirate Cables – which is the best?

Posted on January 18, 2018 by grymoire

One of the more useful tools for reverse engineering hardware is a Bus Pirate. However, it does not come with any sort of cable or connector. You can use DuPont connectors, if your device has headers soldered to it. However, … Continue reading →

Posted in Hacking, Security | Tagged Bus Pirate, Cables, Hardware Hacking, Reverse Breadboard | Leave a comment

Metasploit+Amazon SES, or debugging Sendmail’s SMTP Authentication

Posted on January 17, 2018 by grymoire

TL;DR: Debugging Sendmail’s SMTP AUTH option is not well documented. I integrated Metasploit Pro with Amazon’s SES/Sendmail, and this describes the debug process I used. We have an Amazon EC2 system using SES (Simple Email Service) running Sendmail. We use … Continue reading →

Posted in Hacking, Linux, Security, System Administration | Tagged Amazon AWS, EC2, Metasploit Pro, Phishing, sasl, sendmail, SES, Simple EMail Service, SMTP AUTH, swaks | Leave a comment

LetsEncrypt + Amazon EC2 = SSLLabs A Rating

Posted on March 24, 2017 by grymoire

I wanted to easily add web security to a static AWS EC2 website to improve the search rankings. I found a guide by Ivo Petkov however there were a few problems with his instructions. I followed his advice: sudo yum install … Continue reading →

Posted in Linux, Security, Shell Scripting, System Administration, System Engineering, Uncategorized, Web Security | Tagged Amazon, AWS, EC2, EFF, HTTPS, letsencrypt, ssllabs, Web | Leave a comment

Building a Teensy 3.2 w/SD and 8 position DIP switch + Reset button

Posted on January 11, 2017 by grymoire

I’ve always wanted to build a versatile Teensy-based device for use in physical security penetration testing. I’ve seen Irongeek’s device, and Mike Czumak’s dongle, but neither of these had an SD card, and only had a 4 of 5 position … Continue reading →

Posted in Hacking, Linux, Security | Tagged Arduino, HID, Pentesting, teensy | Leave a comment

Scanning for confidential information on external web servers

Posted on February 6, 2016 by grymoire

One of my clients wanted us to scan their web servers for confidential information. This was going to be done both from the Internet, and from an internal intranet location (between cooperative but separate organizations). In particular they were concerned … Continue reading →

Posted in Linux, Security, Shell Scripting | Tagged audit, cloning, Excel, exiftool, grep, Information Disclosure, kali, Linux, mirroring, nmap, PDF, pdf2txt, pdfgrep, pdftotext, peedpf, ssconvert, wget, Word | 1 Comment

I purchased a HackRF device from Kickstarter, and some people recommend that shielding will help improve the reception. Nooelec sells an optional shield, but I thought a metal case would provide better shielding, for a few more dollars. Mike Ossmann … Continue reading →

Posted on March 8, 2015 by grymoire | 2 Comments

Setting up Kali 1.1.0 on the new Raspberry Pi 2

Posted on March 7, 2015 by grymoire

My new Raspberry Pi 2 arrived, and I wanted to install Kali on it. I was preparing to follow the steps of Richard Brain, but before I started, the folks at Kali tweeted that there was now a download available. … Continue reading →

Posted in Hacking, Linux, Security, System Administration | Tagged kali, raspberry Pi 2, ssh | 1 Comment

Extracting shell commands from Kali’s application menu

Posted on January 16, 2015 by grymoire

I use the Linux command line whenever I can. Using the mouse to execute something when my fingers are on the keyboard irritates me. I was using the Kali linux distribution to do some pentesting. And I was getting frustrated. … Continue reading →

Posted in Linux, Security, Shell Scripting | Tagged bash, gnome, kali, sed | Leave a comment

CBC Padding Oracle Attacks Simplified – Key concepts and pitfalls

Posted on December 5, 2014 by grymoire

There are hundreds of web sites that describe the Padding Oracle attack, but many people find the concept confusing. I am going to try to explain everything you need to know. I am not going to write a bunch of equations … Continue reading →

Posted in Hacking, Security | Tagged AES, CBC, Cipher Block Chaining, Cryptography, Encryption, padding, Padding Oracle Attack, Security | 4 Comments