Feedly

So I put this out on Twitter but failed to document it for historical reasons/find it when I need it. I was able to replace the PoC payload with the payload from Metasploit’s web delivery and it worked just fine. Original PoC here: https://gist.github.com/subTee/24c7d8e1ff0f5602092f58cbb3f7d302#file-backdoor-sct Below we can see the replaced payload:…

Weren’t WhatsApp messages already encrypted?

According to this article, which was written in 2014, WhatsApp had partnered with Open Whisper System to make its (text-based) messages encrypted. So what’s the big change now that WhatsApp’s announcement that it now uses encryption keys? In what ways, if any, is using Signal Private Messenger more secure…

Weekly Metasploit Wrapup

Meterpreter Unicode Improvements

Pentesting in places where English is not the primary language can sometimes be troublesome. With this week’s update, it’s a little bit easier. After Brent’s work making Meterpreter’s registry system support UTF-8, you can now do things like use the venerable post/windows/gather/hashdump to steal hashes and…
