AIX for Penetration Testers

Background: On a recent internal pentesting engagement I managed to get an unprivileged shell on one of my client’s servers. It was a business critical server so enumerating it and rooting it was the next logical move to make. I always begin my enumeration by running the “uname -a” command to get some basic system…

WiFi Social Engineering – Playing with Wifiphisher

First, a little background: Wifiphisher is a WiFi social engineering tool that automates phishing attacks against WiFi networks. Wifiphisher is written in Python and was developed by Greek security researcher George Chatzisofroniou. Wifiphisher made waves in the wireless security world because of its unconventional attack method. Unlike traditional WiFi attacks, it doesn’t involve any of…