All your Base64 are belong to us

As a security professional, I find myself doing more malware removal from websites that are run using either WordPress, Joomla or Drupal. Most of what I find are php files that are riddled with base64 code. This code is great for threat actors to hide their invasive malware from malware scanners. I want to show you how to find this code and show what is hidden in your php files.

Cybersecurity careers and the certifications needed

Cybersecurity has become one of the top sought after careers in the Information Technology field.  Careers ranging from an ethical hacker to a security auditor.  With so many options to choose from, where do you start to pursue such a purposeful and exciting future?  I will explain some of the top certifications that are offered and Read more about Cybersecurity careers and the certifications needed[…]

Burp Series: Intercepting and modifying made easy

As a penetration tester I have many tools that I use to help with web application testing, but the one tool that never lets me down is Burp suite by portswigger.  Burp suite is an intercepting proxy that allows you to modify and inspect web traffic, it comes in two flavors, free and paid.  The Read more about Burp Series: Intercepting and modifying made easy[…]

Information Gathering using Dmitry

In Kali, the command dmitry (Deepmagic Information Gathering Tool), is a Linux/GNU program that is written in C and will do whois lookups, port scans, email search and more. The following is a list of the current features: An Open Source Project. Perform an Internet Number whois lookup. Retrieve possible uptime data, system and server Read more about Information Gathering using Dmitry[…]