#_shellntel

Street Address

City, State, Zip

Phone Number

A SynerComm Team

Your Custom Text Here

#_shellntel

OpenSSH < 7.7 - Username Enumeration Exploit

August 21, 2018 Justin Gardner

On August 15th, 2018 a vulnerability was posted on the OSS-Security list. This post explained that OpenSSH (all versions prior to and including 7.7) is vulnerable to username enumeration by sending a malformed public key authentication request (SSH2_MSG_USERAUTH_REQUEST with type publickey) to the service.

Latest Blog Posts

Modern Attack Surface.png

Dec 23, 2020

In Scope or Out of Scope?

Dec 23, 2020

Dec 23, 2020

Building a Pwnagotchi

May 15, 2020

Building a Pwnagotchi

May 15, 2020

May 15, 2020

AWS Metadata Endpoint - How to not get pwned like Capital One

Aug 27, 2019

AWS Metadata Endpoint - How to not get pwned like Capital One

Aug 27, 2019

Aug 27, 2019

How to build a (2nd) 8 GPU password cracker

Feb 20, 2019

How to build a (2nd) 8 GPU password cracker

Feb 20, 2019

Feb 20, 2019

DA 101 - Protecting your Domain Admin Account

Oct 22, 2018

DA 101 - Protecting your Domain Admin Account

Oct 22, 2018

Oct 22, 2018

OpenSSH < 7.7 - Username Enumeration Exploit

Aug 21, 2018

OpenSSH < 7.7 - Username Enumeration Exploit

Aug 21, 2018

On August 15th, 2018 a vulnerability was posted on the OSS-Security list. This post explained that OpenSSH (all versions prior to and including 7.7) is vulnerable to username enumeration by sending a malformed public key authentication request (SSH2_MSG_USERAUTH_REQUEST with type publickey) to the service.

Aug 21, 2018

Mar 17, 2017

Thoughts on Blocking Powershell.exe

Mar 17, 2017

Mar 17, 2017

How to build a 8 GPU password cracker

Feb 13, 2017

How to build a 8 GPU password cracker

Feb 13, 2017

Feb 13, 2017

The Upside Down - Ventures into the 5GHZ Spectrum

Oct 26, 2016

The Upside Down - Ventures into the 5GHZ Spectrum

Oct 26, 2016

Oct 26, 2016

Oct 6, 2016

spin-up: Quickly Launch a Provisioned EC2 Attack Server

Oct 6, 2016

Oct 6, 2016

Sep 23, 2016

Luckystrike: An Evil Office Document Generator.

Sep 23, 2016

Sep 23, 2016

The Number One Pentesting Tool You're Not Using

Aug 3, 2016

The Number One Pentesting Tool You're Not Using

Aug 3, 2016

Aug 3, 2016

Screen Shot 2016-07-08 at 10.22.17 AM.png

Jul 8, 2016

Invoke-SMBAutoBrute.ps1 - Smart SMB Brute Forcing

Jul 8, 2016

Jul 8, 2016

Screen Shot 2016-06-07 at 4.13.13 PM.png

Jun 8, 2016

Weaponizing Nessus

Jun 8, 2016

Jun 8, 2016

May 24, 2016

Update to ProxyCannon

May 24, 2016

May 24, 2016

May 12, 2016

VPN over DNS

May 12, 2016

May 12, 2016

Feb 22, 2016

Websocket based egress buster

Feb 22, 2016

Feb 22, 2016

Feb 18, 2016

Abusing Exchange Web Service - Part 1

Feb 18, 2016

Feb 18, 2016

Screen Shot 2016-02-04 at 2.36.33 PM.png

Feb 8, 2016

Why Security Awareness Training Fails

Feb 8, 2016

Feb 8, 2016

Oct 6, 2015

Assisted directory brute forcing

Oct 6, 2015

Oct 6, 2015

crEAP - Harvesting Users on Enterprise Wireless Networks

Oct 1, 2015

crEAP - Harvesting Users on Enterprise Wireless Networks

Oct 1, 2015

Oct 1, 2015

Sep 26, 2015

[UPDATE] Creating your own private botnet for scanning.

Sep 26, 2015

Sep 26, 2015

Sep 25, 2015

Drone Code Execution (Part 1)

Sep 25, 2015

Sep 25, 2015

PowerShell Memory Scraping for Credit Cards

Sep 18, 2015

PowerShell Memory Scraping for Credit Cards

Sep 18, 2015

Sep 18, 2015

Sep 9, 2015

Intro To Active Directory Delegation

Sep 9, 2015

Sep 9, 2015

Jul 27, 2015

Using PowerShell & Unicorn to Get Persistence

Jul 27, 2015

Jul 27, 2015

Jul 14, 2015

Creating your own private botnet for scanning.

Jul 14, 2015

Jul 14, 2015

Jun 18, 2015

Circle City Con: 2015 CTF Writeup

Jun 18, 2015

Jun 18, 2015

Qualys Scanner API In Powershell Including External Ticket Creation

Jun 12, 2015

Qualys Scanner API In Powershell Including External Ticket Creation

Jun 12, 2015

Jun 12, 2015

Jun 12, 2015

Validating the Effectiveness of Your Controls

Jun 12, 2015

Jun 12, 2015