Create a custom wordlist using SmeegeScrape for use in forensics or pentesting

| 0 comments

If you working either in forensics or penetration testing you will absolutely come across the need to create a custom word list. You may be thinking to yourself a custom word list is not needed because you have a number of lists that you have created or gathered over the years. I will not argue that have a bag of lists is not needed because I have my own collection as well. I submit to you that if you have a specific target then understanding said target will be useful when it comes to password cracking. For example, if your …

Continue reading

Digital forensics and hardware identification

| 0 comments

I thought I would sit down and begin a series of articles surrounding digital forensics with hardware identification being the lead in. The subject of forensics is one that I personally have not placed a great deal of effort and recently I took the Computer Hacking Forensic Investigator training from EC-Council. On day one, I knew I was hooked and it may not be for reason that you may suspect. I enjoy hacking from a white hat perspective and understanding the black hats is key to being successful. Ironically on day one of the training, I quickly learned that my …

Continue reading

They Live at DEFCON22

| 0 comments

Every year in August thousands upon thousands of people flock to Las Vegas, NV for the anual DEFCON conference. This is my second year attending and I knew once I attended DEFCON21 that I was forever hooked. I cannot begin to describe what the experience is like, because the experience is what you make of it. Last year, I had fun, but I did sit back and try to determine what I should and should not do. At the end of DEFCON21, I knew that I was going to jump head first into DEFCON22 and that is exactly what I …

Continue reading

Rip music from YouTube using youtube-dl, ffmpeg, and lame

| 0 comments

In a previous post I wrote about how to Rip DEFCON videos from YouTube and this got me to thinking about music. Is it possible to take a video that contains a music track and extract the audio to MP3 format? Well the answer surprisingly enough is yes. Now before you get to excited, you must understand that doing this clearly violates copyright laws and for that reason, I am writing about this purely from an educational point of view. Everything I am covering here is done on OS X and I used the homebrew package manager to install the required …

Continue reading

Metagoofil makes metadata extraction easy

| 0 comments

Metagoofil is an information gathering tool designed for extracting metadata of public documents (pdf, doc, xls, ppt, docx, pptx, xlsx) belonging to a given target or victim website. The tool will perform a search in Google to identify and download the documents to local disk and then will extract the metadata with different libraries like Hachoir, PdfMiner and others. With the results it will generate a report with usernames, software versions and servers or machine names that will help Penetration testers in the information-gathering phase. Metadata serves five purposes: resource description; information retrieval; management of information; rights management, ownership and …

Continue reading

Homebrew and not the beer kind

| 0 comments

Recently I had a need to install wget and Python on OS X Mavericks and anyone running a Mac can understand the pain point with installers outside of the Apple App Store. Before anyone starts asking the question why not use curl? That is like asking why not use Microsoft Windows? Now I am not bashing Windows because I use this  operating system depending upon my needs and task at hand. As a side note, it is possible to use Xcode and curl to compile and install wget, but why work harder rather than smarter? If you wish to take …

Continue reading