Weaponizing hostapd-wpe

TL;DR: Installing hostapd-wpe on a wireless router powered by an external power bank provides a standalone wireless attack platform with […]

Email Hunting – Recon with Hunter.io

The Problem with OSINT… Something we as pentesters have to contend with on each of our engagements is recon. It […]

Evil AP Attacks with Spoofed Certificates

We’ve written in the past about the “Evil twin” or “Evil AP” attack using hostapd-wpe (“wireless pwnage edition”). This remains […]

Encrypt Macros – Bypass Sandboxes

It’s no secret that phishing is the most widely used and most successful attack vector in breaches and targeted attack […]

Building a Convincing USB Drop

One of my favorite attack vectors is the USB drop. At SecureState, our two go-to drops are the Rubber Ducky and […]

Gotta Vish ‘Em All: Managing a Large Vishing Engagement

I was recently tasked with managing a rather large vishing campaign targeting a major financial institution. Normally when we get […]