Finding Mapped Drives with Meterpreter

This post written by Matt Gardenghi --------- This is going to be a series of short "how to" articles so that I have a resource when I forget how I did something. Your benefit from this post is incidental to my desire to have a resource I can reach when I've had a brain cloud. […]

Metasploit Express Beta – First Look

This post was written by Matt Gardenghi This is just initial impressions of a beta product. I've been playing with this for about a week now in an internal network.  I have a dedicated box running Ubuntu 10.04 and Metasploit Express.  I've noticed that Express loves CPU time but is much less caring about RAM.  […]

Exotic XSS: The HTML Image Tag

There are the usual XSS tests.  And then there are the fun ones.  This is a story about a more exotic approach to testing XSS.... I was testing a company that had passed all XSS tests from their pentester.  I found that they allowed users to write HTML tags.  Of course they didn't permit <script> […]

Trusting the Browser (a ckeditor short story)

My name is Matt Gardenghi. Ron seems to think it important that this post be clearly attributed to someone else (this fact might worry me). I'm an occasional contributor here (see: Bypassing AV). I handle security at Bob Jones University and also perform pentests on the side. (So if you need someone to do work, […]