I am putting my database hacking tool SQShell up here for download. I have kept this to myself and friends for a while because of restrictions on distributing the proprietary JDBC drivers. Well, I'm now providing a download for the tool without those drivers and instructions for adding them yourself. SQShell gives you a consistent command line interface to the various DBMSs with a few handy commands for common tasks like downloading tables, listing schemas, etc.
Derbycon '15 Presentation Out
My Derbycon presentation on bypassing multifactor authentication (MFA) is now available on YouTube. I had lots of fun putting this together. In the talk, I present a bypass method that we use for getting around RSA SecurID and Duo Security's MFA. I definitely have more in this area, so perhaps I'll be putting together some more scenarios for talks in the future!
PipeCat SMB Named Pipe Tool
At NolaCon '15, I demonstrated how I use SMB named pipes to tunnel TCP connections. PipeCat also provides a PSEXEC and WINEXE-style command execution mechanism without using services. You can download the presentation copy of pipecat here. Bear in mind that it's very... 'pragmatic' code... and it does depend on .NET framework 3.5+. I will get the source into GitHub soon, though, to make it more accessible.
Metasploit Delay Loader
Duo MFA Race Condition & Bypass
Duo Security has released a fix for a session stealing attack we discovered some time ago. I have also blogged about it. I included this in my presentation at NolaCon '15. I'll probably get my video of the PoC up soon.
Snarf SMB Man-in-the-Middle Tool
NTFSx tool for raw access to NTFS files
I have used NTFSx to effect several times, from extracting NTDS.DIT when the new domains came out to extracting files without tripping file monitoring tools.