Decrypting Modern McAfee ePolicy Orchestrator Credentials

Back in 2011, a community-submitted module was pulled into the Metasploit Framework that was able to decrypt the passwords in files such as db.properties, containing the necessary credentials to connect to the database driving ePO. The module details the existence of a static key, used in conjunction with AES-128-ECB, that provides crypto services for strings […]

The Offensive Security Certified Expert (OSCE)

while True: try_harder() tl;dr: 2 out of 3 big Offsec certs. Worth taking it just for the exam. The Course I read a lot of reviews before deciding I was ready to take the course. Like most of the other reviewers, I was already familiar with the concepts required for getting through most of the […]

My Journey Through the Offensive Security Certified Professional (OSCP)

TL;DR: I passed. Thinking about going for it? Do it, you won’t regret it. Decision Time Let’s face it. There are a lot of certifications out there. Before I took the OSCP (and the accompanying Pentesting with Kali Linux course), I spent most of my time researching the “right” course to bust my resume out […]