Posts

Showing posts from April, 2022

Defending against physical intrusion attacks - The under door tool.

Good morning all, how are we doing today? Watch anything good on Netflix recently? Many plans for the bank holiday weekend? Did you remember to deadbolt the office before you left yesterday? Wait… what? Yesterday the postman came. And this is what he brought me: What the hell is that? Well it’s an under door tool (UDT) of course. A thin piece of flexible metal attached to a string, that can be folded away and neatly concealed in a rucksack, belt, or there are even versions that can be dismantled and stored in a pocket (great video by the notsocivilengineer - showing a homemade collapsible UDT). So what does it do? And why should I care about your stupid bendy metal rubbish? This tool is designed to bypass the type of doors that are locked from the outside, but open with just an operation of the handle from the inside. They are usually accompanied by an RFID entry system or a code. This means you need to have the authentication to get in, but anyone can get out. And herein lies the f

Email address enumeration Using Python.

Welcome back one and all! It’s been a while, I apologise, but I’ve been a very busy man. I finally managed to escape the clutches of mechanical engineering, and landed myself a job in Cyber Security! Very excited about that, but that’s not the topic of the blog, so moving on for now: Recently, I have been involved in a few penetration tests. And I’ve learnt that one of the very first steps is a phishing campaign. What’s the first thing you need for a phishing campaign? Coffee of course. Closely followed by email addresses, I guess. Whilst not as important as the coffee, having valid email addresses is somewhat integral to pulling off a successful phishing campaign, resulting in those juicy creds you’re looking for. So where do you get those email addresses from? You could get lucky and be handed a list by the client. But more often than not, it’s down to you to find them yourself. I'm going to show you three steps today, along with the code needed to automate these steps, they a